rpms / systemd

Clone
Source Code
GIT

Blame SOURCES/0665-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c8s-sig-hyperscale-hotfix-252 c9 c9-beta c9s-sig-hyperscale c9s-sig-hyperscale-hotfix-252
  1.   48fc634e1ab67241b15a48d1adeb5eee4e29b109
  2.   SOURCES
  3.   0665-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
Blob History Raw
23b3cf 
From 64383aae90fe4a1c1b5c4e4098e924c0e2623471 Mon Sep 17 00:00:00 2001
23b3cf 
From: Jan Synacek <jsynacek@redhat.com>
23b3cf 
Date: Thu, 1 Nov 2018 13:11:11 +0100
23b3cf 
Subject: [PATCH] dhcp6: make sure we have enough space for the DHCP6 option
23b3cf 
 header
23b3cf
23b3cf 
Fixes a vulnerability originally discovered by Felix Wilhelm from Google.
23b3cf
23b3cf 
(cherry picked from commit 01ca2053bbea09f35b958c8cc7631e15469acb79)
23b3cf
23b3cf 
Resolves: CVE-2018-15688
23b3cf 
---
23b3cf 
 src/libsystemd-network/dhcp6-option.c | 2 +-
23b3cf 
 1 file changed, 1 insertion(+), 1 deletion(-)
23b3cf
23b3cf 
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
Pablo Greco 48fc63 
index ea863f45e4..649bbea304 100644
23b3cf 
--- a/src/libsystemd-network/dhcp6-option.c
23b3cf 
+++ b/src/libsystemd-network/dhcp6-option.c
23b3cf 
@@ -100,7 +100,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
23b3cf 
                 return -EINVAL;
23b3cf 
         }
23b3cf
23b3cf 
-        if (*buflen < len)
23b3cf 
+        if (*buflen < offsetof(DHCP6Option, data) + len)
23b3cf 
                 return -ENOBUFS;
23b3cf
23b3cf 
         ia_hdr = *buf;

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation