]> Git Repo - qemu.git/commit - slirp/bootp.c
projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5c843af) | patch
slirp: check len against dhcp options array end
authorPrasad J Pandit <[email protected]>
Mon, 17 Jul 2017 12:03:26 +0000 (17:33 +0530)
committerSamuel Thibault <[email protected]>
Wed, 2 Aug 2017 22:26:44 +0000 (00:26 +0200)
commit413d463f43fbc4dd3a601e80a5724aa384a265a0
tree46d91274360ae4adcf4dd21ea30fd39e00ce7cf5tree | snapshot
parent5c843af22604edecda10d4bb89d4eede9e1bd3d0commit | diff
slirp: check len against dhcp options array end

While parsing dhcp options string in 'dhcp_decode', if an options'
length 'len' appeared towards the end of 'bp_vend' array, ensuing
read could lead to an OOB memory access issue. Add check to avoid it.

This is CVE-2017-11434.

Reported-by: Reno Robert <[email protected]>
Signed-off-by: Prasad J Pandit <[email protected]>
Signed-off-by: Samuel Thibault <[email protected]>
slirp/bootp.c diff | blob | blame | history
Empty description
This page took 0.023998 seconds and 4 git commands to generate.