diff options
-rw-r--r-- | recipes-networking/dnsmasq/dnsmasq/CVE-2017-14494.patch | 55 | ||||
-rw-r--r-- | recipes-networking/dnsmasq/dnsmasq_%.bbappend | 1 |
2 files changed, 56 insertions, 0 deletions
diff --git a/recipes-networking/dnsmasq/dnsmasq/CVE-2017-14494.patch b/recipes-networking/dnsmasq/dnsmasq/CVE-2017-14494.patch new file mode 100644 index 0000000..d32f713 --- /dev/null +++ b/recipes-networking/dnsmasq/dnsmasq/CVE-2017-14494.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | From 33e3f1029c9ec6c63e430ff51063a6301d4b2262 Mon Sep 17 00:00:00 2001 | ||
2 | From: Simon Kelley <simon@thekelleys.org.uk> | ||
3 | Date: Mon, 25 Sep 2017 20:05:11 +0100 | ||
4 | Subject: [PATCH] Security fix, CVE-2017-14494, Infoleak handling DHCPv6 | ||
5 | forwarded requests. | ||
6 | |||
7 | Fix information leak in DHCPv6. A crafted DHCPv6 packet can | ||
8 | cause dnsmasq to forward memory from outside the packet | ||
9 | buffer to a DHCPv6 server when acting as a relay. | ||
10 | |||
11 | CVE: CVE-2017-14494 | ||
12 | Upstream-Status: Backport | ||
13 | |||
14 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
15 | --- | ||
16 | CHANGELOG | 8 ++++++++ | ||
17 | src/rfc3315.c | 3 +++ | ||
18 | 2 files changed, 11 insertions(+) | ||
19 | |||
20 | diff --git a/CHANGELOG b/CHANGELOG | ||
21 | index c48378f..d1cc074 100644 | ||
22 | --- a/CHANGELOG | ||
23 | +++ b/CHANGELOG | ||
24 | @@ -51,6 +51,14 @@ version 2.78 | ||
25 | Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana | ||
26 | and Kevin Hamacher of the Google Security Team for | ||
27 | finding this. | ||
28 | + | ||
29 | + Fix information leak in DHCPv6. A crafted DHCPv6 packet can | ||
30 | + cause dnsmasq to forward memory from outside the packet | ||
31 | + buffer to a DHCPv6 server when acting as a relay. | ||
32 | + CVE-2017-14494 applies. | ||
33 | + Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana | ||
34 | + and Kevin Hamacher of the Google Security Team for | ||
35 | + finding this. | ||
36 | |||
37 | |||
38 | version 2.77 | ||
39 | diff --git a/src/rfc3315.c b/src/rfc3315.c | ||
40 | index 920907c..4ca43e0 100644 | ||
41 | --- a/src/rfc3315.c | ||
42 | +++ b/src/rfc3315.c | ||
43 | @@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, | ||
44 | |||
45 | for (opt = opts; opt; opt = opt6_next(opt, end)) | ||
46 | { | ||
47 | + if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) { | ||
48 | + return 0; | ||
49 | + } | ||
50 | int o = new_opt6(opt6_type(opt)); | ||
51 | if (opt6_type(opt) == OPTION6_RELAY_MSG) | ||
52 | { | ||
53 | -- | ||
54 | 1.7.10.4 | ||
55 | |||
diff --git a/recipes-networking/dnsmasq/dnsmasq_%.bbappend b/recipes-networking/dnsmasq/dnsmasq_%.bbappend index 7db502a..c0c4633 100644 --- a/recipes-networking/dnsmasq/dnsmasq_%.bbappend +++ b/recipes-networking/dnsmasq/dnsmasq_%.bbappend | |||
@@ -5,4 +5,5 @@ SRC_URI += "file://0001-CVE-2017-14491.patch \ | |||
5 | file://0002-CVE-2017-14491.patch \ | 5 | file://0002-CVE-2017-14491.patch \ |
6 | file://CVE-2017-14492.patch \ | 6 | file://CVE-2017-14492.patch \ |
7 | file://CVE-2017-14493.patch \ | 7 | file://CVE-2017-14493.patch \ |
8 | file://CVE-2017-14494.patch \ | ||
8 | " | 9 | " |