| commit | 413d463f43fbc4dd3a601e80a5724aa384a265a0 | |
| author | Prasad J Pandit <pjp@fedoraproject.org> | |
| Mon, 17 Jul 2017 12:03:26 +0000 (17 17:33 +0530) | ||
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | |
| Wed, 2 Aug 2017 22:26:44 +0000 (3 00:26 +0200) | ||
| tree | 46d91274360ae4adcf4dd21ea30fd39e00ce7cf5 | treesnapshot (tar.gz zip) |
| parent | 5c843af22604edecda10d4bb89d4eede9e1bd3d0 | commitdiff |
slirp: check len against dhcp options array end
While parsing dhcp options string in 'dhcp_decode', if an options'
length 'len' appeared towards the end of 'bp_vend' array, ensuing
read could lead to an OOB memory access issue. Add check to avoid it.
This is CVE-2017-11434.
Reported-by: Reno Robert <renorobert@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
While parsing dhcp options string in 'dhcp_decode', if an options'
length 'len' appeared towards the end of 'bp_vend' array, ensuing
read could lead to an OOB memory access issue. Add check to avoid it.
This is CVE-2017-11434.
Reported-by: Reno Robert <renorobert@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
| slirp/bootp.c | diffblobblamehistory |