Commit 361d374a authored by Lennart Poettering's avatar Lennart Poettering Committed by Thomas Haller
Browse files

dhcp6: make sure we have enough space for the DHCP6 option header

Fixes a vulnerability originally discovered by Felix Wilhelm from
Google.

CVE-2018-15688
LP: #1795921
https://bugzilla.redhat.com/show_bug.cgi?id=1639067

(cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
(cherry picked from commit 01ca2053)
(cherry picked from commit fc230dca)
(cherry picked from commit cc1e5a7f)
(cherry picked from commit c3221cb0)
(cherry picked from commit f4f76553)
(cherry picked from commit 2a258729)
(cherry picked from commit ec471872)
(cherry picked from commit 6e56de0d)
parent 4e6dced5
......@@ -104,7 +104,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
return -EINVAL;
}
if (*buflen < len)
if (*buflen < offsetof(DHCP6Option, data) + len)
return -ENOBUFS;
ia_hdr = *buf;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment