rpms / dnsmasq

Clone
Source Code
GIT

Files

el4 el5 el6 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fc6 main rawhide
  1.   f25
  2.   dnsmasq-2.77-CVE-2017-14492.patch
Blob Blame History Raw 
From 24036ea507862c7b7898b68289c8130f85599c10 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 25 Sep 2017 18:47:15 +0100
Subject: [PATCH 3/9] Security fix, CVE-2017-14492, DHCPv6 RA heap overflow.

Fix heap overflow in IPv6 router advertisement code.
This is a potentially serious security hole, as a
crafted RA request can overflow a buffer and crash or
control dnsmasq. Attacker must be on the local network.
---
 src/radv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/radv.c b/src/radv.c
index 1032189..9b7e52c 100644
--- a/src/radv.c
+++ b/src/radv.c
@@ -198,6 +198,9 @@ void icmp6_packet(time_t now)
       /* look for link-layer address option for logging */
       if (sz >= 16 && packet[8] == ICMP6_OPT_SOURCE_MAC && (packet[9] * 8) + 8 <= sz)
 	{
+	  if ((packet[9] * 8 - 2) * 3 - 1 >= MAXDNAME) {
+	    return;
+	  }
 	  print_mac(daemon->namebuff, &packet[10], (packet[9] * 8) - 2);
 	  mac = daemon->namebuff;
 	}
-- 
2.9.5
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.