Blame SOURCES/dnsmasq-2.76-CVE-2017-14494.patch

a03026
From 8c8fe650dc17aad0fbafc920fde719218dc4568d Mon Sep 17 00:00:00 2001
a03026
From: Simon Kelley <simon@thekelleys.org.uk>
a03026
Date: Mon, 25 Sep 2017 20:05:11 +0100
a03026
Subject: [PATCH 4/9]     Security fix, CVE-2017-14494, Infoleak handling
a03026
 DHCPv6 forwarded requests.
a03026
a03026
    Fix information leak in DHCPv6. A crafted DHCPv6 packet can
a03026
    cause dnsmasq to forward memory from outside the packet
a03026
    buffer to a DHCPv6 server when acting as a relay.
a03026
---
a03026
 src/rfc3315.c | 3 +++
a03026
 1 file changed, 3 insertions(+)
a03026
a03026
diff --git a/src/rfc3315.c b/src/rfc3315.c
a03026
index 8d18a28..03b3f84 100644
a03026
--- a/src/rfc3315.c
a03026
+++ b/src/rfc3315.c
a03026
@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
a03026
   
a03026
   for (opt = opts; opt; opt = opt6_next(opt, end))
a03026
     {
a03026
+      if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
a03026
+        return 0;
a03026
+      }
a03026
       int o = new_opt6(opt6_type(opt));
a03026
       if (opt6_type(opt) == OPTION6_RELAY_MSG)
a03026
 	{
a03026
-- 
a03026
2.9.5
a03026