Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:smartdns
User: [email protected]
Usertags: pu

  * CVE-2026-1425: Stack buffer overflow in DNS SVCB/HTTPS record parsing
    (Closes: #1126538)
diffstat for smartdns-46.1+dfsg smartdns-46.1+dfsg

 changelog                                                               |   15 
+++
 patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch |   40 
++++++++++
 patches/series                                                          |    1 
 3 files changed, 56 insertions(+)

diff -Nru smartdns-46.1+dfsg/debian/changelog 
smartdns-46.1+dfsg/debian/changelog
--- smartdns-46.1+dfsg/debian/changelog 2025-03-20 23:49:12.000000000 +0200
+++ smartdns-46.1+dfsg/debian/changelog 2026-07-03 13:16:47.000000000 +0300
@@ -1,3 +1,18 @@
+smartdns (46.1+dfsg-1.1~deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for trixie.
+
+ -- Adrian Bunk <[email protected]>  Fri, 03 Jul 2026 13:16:47 +0300
+
+smartdns (46.1+dfsg-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2026-1425: Stack buffer overflow in DNS SVCB/HTTPS record parsing
+    (Closes: #1126538)
+
+ -- Adrian Bunk <[email protected]>  Tue, 30 Jun 2026 23:30:40 +0300
+
 smartdns (46.1+dfsg-1) unstable; urgency=medium
 
   * New upstream version 46.1+dfsg
diff -Nru 
smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
 
smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
--- 
smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
   1970-01-01 02:00:00.000000000 +0200
+++ 
smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
   2026-06-30 23:30:00.000000000 +0300
@@ -0,0 +1,40 @@
+From 14bb58b260270c501522e92fc190dbfe91e86618 Mon Sep 17 00:00:00 2001
+From: Nick Peng <[email protected]>
+Date: Mon, 12 Jan 2026 20:53:47 +0800
+Subject: dns: Fix stack buffer overflow in DNS SVCB/HTTPS record parsing
+
+---
+ src/dns.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/dns.c b/src/dns.c
+index 286784a..c0406e8 100644
+--- a/src/dns.c
++++ b/src/dns.c
+@@ -1687,6 +1687,11 @@ static int _dns_decode_rr_head(struct dns_context 
*context, char *domain, int do
+               return -1;
+       }
+ 
++      if (*rr_len > _dns_left_len(context)) {
++              tlog(TLOG_DEBUG, "rr len exceeds remaining buffer.");
++              return -1;
++      }
++
+       return 0;
+ }
+ 
+@@ -2384,6 +2389,11 @@ static int _dns_decode_HTTPS(struct dns_context 
*context, const char *domain, dn
+               return -1;
+       }
+ 
++      if (_dns_left_len(context) < rr_len) {
++              tlog(TLOG_DEBUG, "https data length exceeds buffer.");
++              return -1;
++      }
++
+       priority = _dns_read_short(&context->ptr);
+       ret = _dns_decode_domain(context, target, sizeof(target));
+       if (ret < 0) {
+-- 
+2.47.3
+
diff -Nru smartdns-46.1+dfsg/debian/patches/series 
smartdns-46.1+dfsg/debian/patches/series
--- smartdns-46.1+dfsg/debian/patches/series    2023-07-14 07:32:47.000000000 
+0300
+++ smartdns-46.1+dfsg/debian/patches/series    2026-06-30 23:30:40.000000000 
+0300
@@ -1,2 +1,3 @@
 init.patch
 reproducible-build.patch
+0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch

Reply via email to