Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
avahi
avahi-CVE-2023-38469.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File avahi-CVE-2023-38469.patch of Package avahi
From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin <evvers@ya.ru> Date: Mon, 23 Oct 2023 20:29:31 +0000 Subject: [PATCH] core: reject overly long TXT resource records Closes https://github.com/lathiat/avahi/issues/455 CVE-2023-38469 --- avahi-core/rr.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/avahi-core/rr.c b/avahi-core/rr.c index 2bb8924..9c04ebb 100644 --- a/avahi-core/rr.c +++ b/avahi-core/rr.c @@ -32,6 +32,7 @@ #include <avahi-common/malloc.h> #include <avahi-common/defs.h> +#include "dns.h" #include "rr.h" #include "log.h" #include "util.h" @@ -689,11 +690,17 @@ int avahi_record_is_valid(AvahiRecord *r) { case AVAHI_DNS_TYPE_TXT: { AvahiStringList *strlst; + size_t used = 0; - for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) + for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { if (strlst->size > 255 || strlst->size <= 0) return 0; + used += 1+strlst->size; + if (used > AVAHI_DNS_RDATA_MAX) + return 0; + } + return 1; } } -- 2.44.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor