Control: tags 1126538 + patch
Control: tags 1126538 + pending

Dear maintainer,

I've prepared an NMU for smartdns (versioned as 46.1+dfsg-1.1) and 
uploaded it to DELAYED/2. Please feel free to tell me if I should
cancel it.

cu
Adrian
diffstat for smartdns-46.1+dfsg smartdns-46.1+dfsg

 changelog                                                               |    8 ++
 patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch |   40 ++++++++++
 patches/series                                                          |    1 
 3 files changed, 49 insertions(+)

diff -Nru smartdns-46.1+dfsg/debian/changelog smartdns-46.1+dfsg/debian/changelog
--- smartdns-46.1+dfsg/debian/changelog	2025-03-20 23:49:12.000000000 +0200
+++ smartdns-46.1+dfsg/debian/changelog	2026-06-30 23:30:40.000000000 +0300
@@ -1,3 +1,11 @@
+smartdns (46.1+dfsg-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2026-1425: Stack buffer overflow in DNS SVCB/HTTPS record parsing
+    (Closes: #1126538)
+
+ -- Adrian Bunk <[email protected]>  Tue, 30 Jun 2026 23:30:40 +0300
+
 smartdns (46.1+dfsg-1) unstable; urgency=medium
 
   * New upstream version 46.1+dfsg
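Review bot: The CVE-2026-1425 bullet does not say where the fix comes from. Naming the added patch file and noting that it is a backport of upstream commit 14bb58b (the id on the patch's `From` line) would let someone reading only the changelog trace the change.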
diff -Nru smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
--- smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch	1970-01-01 02:00:00.000000000 +0200
+++ smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch	2026-06-30 23:30:00.000000000 +0300
@@ -0,0 +1,40 @@
+From 14bb58b260270c501522e92fc190dbfe91e86618 Mon Sep 17 00:00:00 2001
+From: Nick Peng <[email protected]>
+Date: Mon, 12 Jan 2026 20:53:47 +0800
+Subject: dns: Fix stack buffer overflow in DNS SVCB/HTTPS record parsing
+
+---
+ src/dns.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/dns.c b/src/dns.c
+index 286784a..c0406e8 100644
+--- a/src/dns.c
++++ b/src/dns.c
+@@ -1687,6 +1687,11 @@ static int _dns_decode_rr_head(struct dns_context *context, char *domain, int do
+ 		return -1;
+ 	}
+ 
++	if (*rr_len > _dns_left_len(context)) {
++		tlog(TLOG_DEBUG, "rr len exceeds remaining buffer.");
++		return -1;
++	}
++
+ 	return 0;
+ }
+ 
+@@ -2384,6 +2389,11 @@ static int _dns_decode_HTTPS(struct dns_context *context, const char *domain, dn
+ 		return -1;
+ 	}
+ 
++	if (_dns_left_len(context) < rr_len) {
++		tlog(TLOG_DEBUG, "https data length exceeds buffer.");
++		return -1;
++	}
++
+ 	priority = _dns_read_short(&context->ptr);
+ 	ret = _dns_decode_domain(context, target, sizeof(target));
+ 	if (ret < 0) {
+-- 
+2.47.3
+
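Review bot: In the `_dns_decode_HTTPS` hunk, the new guard `_dns_left_len(context) < rr_len` only proves that `rr_len` bytes remain in the packet. It does not establish a minimum record length, and the very next line, `_dns_read_short(&context->ptr)`, consumes two bytes even if `rr_len` is 0 or 1. Please confirm against the full function that a lower bound on `rr_len` is enforced before this point and that later reads stop at the record end rather than the packet end. The Subject describes a stack buffer overflow, yet both added checks compare against the remaining input, not against a destination size such as `sizeof(target)`, so the link between these checks and the overflowed stack buffer is not visible from the hunks alone. The two guards are also written with opposite operand order (`*rr_len > _dns_left_len(context)` versus `_dns_left_len(context) < rr_len`); using one form would make them easier to audit together. Finally, the patch header has no description body between the Subject and the `---` line, and a short explanation plus DEP-3 origin and bug fields (upstream commit id, #1126538) would document the backport.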
diff -Nru smartdns-46.1+dfsg/debian/patches/series smartdns-46.1+dfsg/debian/patches/series
--- smartdns-46.1+dfsg/debian/patches/series	2023-07-14 07:32:47.000000000 +0300
+++ smartdns-46.1+dfsg/debian/patches/series	2026-06-30 23:30:40.000000000 +0300
@@ -1,2 +1,3 @@
 init.patch
 reproducible-build.patch
+0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
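Review bot: The new series entry keeps the `0001-` prefix and truncated name from `git format-patch`, unlike the existing `init.patch` and `reproducible-build.patch`. A name that carries the CVE id, for example `CVE-2026-1425.patch`, would match the existing style and make the security fix easy to find in `debian/patches`.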
