Diffstat (limited to 'meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch')
-rw-r--r-- | meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch | 37 |
1 files changed, 37 insertions, 0 deletions
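diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch
new file mode 100644
index 000000000..19949314c
--- /dev/null
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14492.patch
@@ -0,0 +1,37 @@
+From 6a0e7dbac67a8393e4505e593e5c46544c53eae0 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 25 Sep 2017 18:47:15 +0100
+Subject: [PATCH 2/7] Security fix, CVE-2017-14492, DHCPv6 RA heap overflow.
+
+commit 24036ea507862c7b7898b68289c8130f85599c10 upstream
+git://thekelleys.org.uk/dnsmasq
+
+Fix heap overflow in IPv6 router advertisement code.
+This is a potentially serious security hole, as a
+crafted RA request can overflow a buffer and crash or
+control dnsmasq. Attacker must be on the local network.
+
+Upstream-Status: Backport
+
+Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
+---
+src/radv.c | 3 +++
+1 file changed, 3 insertions(+)
+
+diff --git a/src/radv.c b/src/radv.c
+index 749b666..d09fe0e 100644
+--- a/src/radv.c
++++ b/src/radv.c
+@@ -198,6 +198,9 @@ void icmp6_packet(time_t now)
+/* look for link-layer address option for logging */
+if (sz >= 16 && packet[8] == ICMP6_OPT_SOURCE_MAC && (packet[9] * 8) + 8 <= sz)
+{
++ if ((packet[9] * 8 - 2) * 3 - 1 >= MAXDNAME) {
++ return;
++ }
+print_mac(daemon->namebuff, &packet[10], (packet[9] * 8) - 2);
+mac = daemon->namebuff;
+}
+--
+2.11.0
+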
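Review bot: The guard added in icmp6_packet bounds the option length only from above, so a source link-layer option whose length byte `packet[9]` is zero still passes both conditions and reaches `print_mac` with a length of -2. RFC 4861 requires ND packets carrying a zero-length option to be discarded; print_mac is not shown here, so whether it tolerates a negative length and leaves `daemon->namebuff` terminated should be confirmed. If it does not, the check could read `if (packet[9] == 0 || (packet[9] * 8 - 2) * 3 - 1 >= MAXDNAME)`, carried as a separate local patch so this backport keeps matching the upstream commit it cites. The guard also relies on `daemon->namebuff` holding at least MAXDNAME bytes, which is allocated outside this hunk, and icmp6_packet's body continues outside the hunk.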