authorSeonah Moon <seonah1.moon@samsung.com>2017-10-16 16:00:26 +0900
committerSeonah Moon <seonah1.moon@samsung.com>2018-02-20 10:46:14 +0900
commit920117f1229f955001e7a1f371af81e38da830fa (patch)
treed26e0c27d968b2e746b3d38fd39df911d95740d7
parent89b9a20d6610e3bdd3ca536ee5facb2f91253bd8 (diff)
Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can cause dnsmasq to forward memory from outside the packet buffer to a DHCPv6 server when acting as a relay. http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262 Change-Id: Ia97bfc821fdb07ed599e4b4fa177280e0e52c8fa Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
-rw-r--r--src/rfc3315.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/rfc3315.c b/src/rfc3315.c
index 816dbc8..17612b0 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
for (opt = opts; opt; opt = opt6_next(opt, end))
{
+ if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
+ return 0;
+ }
int o = new_opt6(opt6_type(opt));
if (opt6_type(opt) == OPTION6_RELAY_MSG)
{
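Review bot: The added bound check at the top of the loop compares with `>=`, so an option whose payload ends exactly at `end` is treated as an overrun. If `end` is one past the last byte of the packet (its assignment is outside the hunk), a well-formed final option makes the relay return 0 and the request is dropped. `if (opt6_ptr(opt, 0) + opt6_len(opt) > end)` would still reject every option that reaches past the buffer. The check also reads the length field through `opt6_len(opt)` before anything visible here establishes that the 4-byte option header itself lies inside the buffer; that presumably depends on `opt6_next()` and the initial `opts` setup, which is worth confirming and noting in a comment such as `/* option data must not extend past the received packet (CVE-2017-14494) */`. dhcp6_maybe_relay's body starts and ends outside the hunk.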