From 4e84c1d6eb2f54d1643bd7ce62817c722ca36d25 Mon Sep 17 00:00:00 2001
From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com>
Date: Sun, 2 Mar 2025 18:06:24 +0100
Subject: [PATCH] core: fix DoS bug by changing assert to return

Closes https://github.com/avahi/avahi/issues/678

CVE: CVE-2025-68471

Upstream-Status: Backport
[https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1]

Signed-off-by: Amaury Couderc <amaury.couderc@est.tech>
---
 avahi-core/browse.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/avahi-core/browse.c b/avahi-core/browse.c
index 2941e57..86e4432 100644
--- a/avahi-core/browse.c
+++ b/avahi-core/browse.c
@@ -320,7 +320,10 @@ static int lookup_start(AvahiSRBLookup *l) {
     assert(l);
 
     assert(!(l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) != !(l->flags & AVAHI_LOOKUP_USE_MULTICAST));
-    assert(!l->wide_area && !l->multicast);
+    if (l->wide_area || l->multicast) {
+        /* Avoid starting a duplicate lookup */
+        return 0;
+    }
 
     if (l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) {
 
-- 
2.43.0