diff options
Diffstat (limited to 'meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14494.patch')
| -rw-r--r-- | meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14494.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14494.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14494.patch new file mode 100644 index 0000000000..a6f0e2abe6 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/dnsmasq-CVE-2017-14494.patch @@ -0,0 +1,37 @@ +From aba3f8df87d104d599920ea44e96191601638961 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Mon, 25 Sep 2017 20:05:11 +0100 +Subject: [PATCH 4/7] Security fix, CVE-2017-14494, Infoleak handling DHCPv6 + forwarded requests. + +commit 33e3f1029c9ec6c63e430ff51063a6301d4b2262 upstream +git://thekelleys.org.uk/dnsmasq + +Fix information leak in DHCPv6. A crafted DHCPv6 packet can +cause dnsmasq to forward memory from outside the packet +buffer to a DHCPv6 server when acting as a relay. + +Upstream-Status: Backport + +Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> +--- + src/rfc3315.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/rfc3315.c b/src/rfc3315.c +index 8d18a28..03b3f84 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, + + for (opt = opts; opt; opt = opt6_next(opt, end)) + { ++ if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) { ++ return 0; ++ } + int o = new_opt6(opt6_type(opt)); + if (opt6_type(opt) == OPTION6_RELAY_MSG) + { +-- +2.11.0 + |