head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.10 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.8 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.6 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.4 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.2 pkgsrc-2025Q1-base:1.1; locks; strict; comment @# @; 1.1 date 2025.02.26.11.43.05; author nia; state Exp; branches; next ; commitid h2aw36yul0ScmYKF; desc @@ 1.1 log @avahi: Patch various security issues. CVE-2023-38469 CVE-2023-38470 CVE-2023-38472 CVE-2023-38473 CVE-2021-3468 CVE-2021-3502 Verified to build on macos, linux, netbsd, freebsd, openbsd by drecklypkg ci. @ text @$NetBSD$ [PATCH] core: reject overly long TXT resource records Closes https://github.com/lathiat/avahi/issues/455 CVE-2023-38469 https://github.com/evverx/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf.patch --- avahi-core/rr.c.orig 2015-04-01 04:58:14.149727123 +0000 +++ avahi-core/rr.c @@@@ -32,6 +32,7 @@@@ #include #include +#include "dns.h" #include "rr.h" #include "log.h" #include "util.h" @@@@ -688,11 +689,17 @@@@ int avahi_record_is_valid(AvahiRecord *r case AVAHI_DNS_TYPE_TXT: { AvahiStringList *strlst; + size_t used = 0; - for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) + for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { if (strlst->size > 255 || strlst->size <= 0) return 0; + used += 1+strlst->size; + if (used > AVAHI_DNS_RDATA_MAX) + return 0; + } + return 1; } } @
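Review bot: The added accumulation `used += 1+strlst->size;` in the AVAHI_DNS_TYPE_TXT case has no comment explaining the extra 1 per string, so a reader must already know the TXT wire format to see that `used` is the serialized RDATA length. I would add `/* each string is written as one length octet plus its bytes; the sum must fit in the RDATA field */` above that line. The ordering is worth preserving: each element is capped at 255 before it is added and the total is compared on every iteration, so `used` cannot wrap as long as AVAHI_DNS_RDATA_MAX is well below SIZE_MAX (its definition is in dns.h, not shown here). As a style point, the `for` is now braced but the inner `if (strlst->size > 255 || strlst->size <= 0)` and the new `if (used > AVAHI_DNS_RDATA_MAX)` are not, and bracing them would match. avahi_record_is_valid begins before and continues after this hunk.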