Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | connman: Fix CVE-2023-28488 DoS in client.c | Ashish Sharma | 2023-05-16 | 1 | -0/+54 |
Avoid overwriting the read packet length after the initial test. Thus move all the length checks which depends on the total length first and do not use the total lenght from the IP packet afterwards. Fixes CVE-2023-28488 Reported by Polina Smirnova <moe.hwr@gmail.com> (From OE-Core rev: 47a9ae5592392bd10740e4571b06c8c739705058) Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> |