rpms / dnsmasq

Clone
Source Code
GIT

Blame SOURCES/dnsmasq-2.76-CVE-2017-14494.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   dnsmasq-2.76-CVE-2017-14494.patch
Blob History Raw
e20e41 
From 8c8fe650dc17aad0fbafc920fde719218dc4568d Mon Sep 17 00:00:00 2001
e20e41 
From: Simon Kelley <simon@thekelleys.org.uk>
e20e41 
Date: Mon, 25 Sep 2017 20:05:11 +0100
e20e41 
Subject: [PATCH 4/9]     Security fix, CVE-2017-14494, Infoleak handling
e20e41 
 DHCPv6 forwarded requests.
e20e41
e20e41 
    Fix information leak in DHCPv6. A crafted DHCPv6 packet can
e20e41 
    cause dnsmasq to forward memory from outside the packet
e20e41 
    buffer to a DHCPv6 server when acting as a relay.
e20e41 
---
e20e41 
 src/rfc3315.c | 3 +++
e20e41 
 1 file changed, 3 insertions(+)
e20e41
e20e41 
diff --git a/src/rfc3315.c b/src/rfc3315.c
e20e41 
index 8d18a28..03b3f84 100644
e20e41 
--- a/src/rfc3315.c
e20e41 
+++ b/src/rfc3315.c
e20e41 
@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
e20e41
e20e41 
   for (opt = opts; opt; opt = opt6_next(opt, end))
e20e41 
     {
e20e41 
+      if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
e20e41 
+        return 0;
e20e41 
+      }
e20e41 
       int o = new_opt6(opt6_type(opt));
e20e41 
       if (opt6_type(opt) == OPTION6_RELAY_MSG)
e20e41 
 	{
e20e41 
--
e20e41 
2.9.5
e20e41

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation