rpms / systemd

Clone
Source Code
GIT

Blame SOURCES/0034-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c8-beta c8s-sig-hyperscale f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 master rpm-master
  1.   c8-beta
  2.   SOURCES
  3.   0034-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
Blob History Raw
e2ec8a 
From c232bc1f346a6af9777c216d01f7940898ae1650 Mon Sep 17 00:00:00 2001
e2ec8a 
From: Lennart Poettering <lennart@poettering.net>
e2ec8a 
Date: Fri, 19 Oct 2018 12:12:33 +0200
e2ec8a 
Subject: [PATCH] dhcp6: make sure we have enough space for the DHCP6 option
e2ec8a 
 header
e2ec8a
e2ec8a 
Fixes a vulnerability originally discovered by Felix Wilhelm from
e2ec8a 
Google.
e2ec8a
e2ec8a 
CVE-2018-15688
e2ec8a 
LP: #1795921
e2ec8a 
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
e2ec8a
e2ec8a 
(cherry-picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
e2ec8a
e2ec8a 
Resolves: #1643363
e2ec8a 
---
e2ec8a 
 src/libsystemd-network/dhcp6-option.c | 2 +-
e2ec8a 
 1 file changed, 1 insertion(+), 1 deletion(-)
e2ec8a
e2ec8a 
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
e2ec8a 
index 18196b1257..0979497299 100644
e2ec8a 
--- a/src/libsystemd-network/dhcp6-option.c
e2ec8a 
+++ b/src/libsystemd-network/dhcp6-option.c
e2ec8a 
@@ -103,7 +103,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
e2ec8a 
                 return -EINVAL;
e2ec8a 
         }
e2ec8a
e2ec8a 
-        if (*buflen < len)
e2ec8a 
+        if (*buflen < offsetof(DHCP6Option, data) + len)
e2ec8a 
                 return -ENOBUFS;
e2ec8a
e2ec8a 
         ia_hdr = *buf;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation