Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
slirp
libslirp
Commits
9ac0371b
Commit
9ac0371b
authored
Apr 20, 2020
by
Marc-André Lureau
🎺
Browse files
Merge branch 'cve-2020-1983' into 'master'
Cve 2020 1983 Closes
#20
See merge request
!38
parents
b2dd0915
1abf18b2
Pipeline
#134780
passed with stage
in 2 minutes and 10 seconds
Changes
2
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
CHANGELOG.md
View file @
9ac0371b
...
...
@@ -9,12 +9,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Added
-
`SLIRP_VERSION_STRING`
macro, with the git sha suffix when building from git
-
`SlirpConfig.disable_dns`
, to disable DNS redirection #16
### Changed
-
`slirp_version_string()`
now has the git sha suffix when building form git
-
Limit DNS redirection to port 53 #16
### Deprecated
### Fixed
-
Fix build regression with mingw & NetBSD
-
Fix use-afte-free in
`ip_reass()`
(CVE-2020-1983)
## [4.2.0] - 2020-03-17
### Added
...
...
@@ -22,12 +31,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
-
New API function
`slirp_add_unix`
: add a forward rule to a Unix socket.
-
New API function
`slirp_remove_guestfwd`
: remove a forward rule previously
added by
`slirp_add_exec`
,
`slirp_add_unix`
or
`slirp_add_guestfwd`
-
New SlirpConfig.outbound_addr{,6} fields to bind output socket to a
-
New
`
SlirpConfig.outbound_addr{,6}
`
fields to bind output socket to a
specific address
### Changed
-
socket: do not fallback on host loopback if get_dns_addr() failed
-
socket: do not fallback on host loopback if
`
get_dns_addr()
`
failed
or the address is in slirp network
### Fixed
...
...
src/ip_input.c
View file @
9ac0371b
...
...
@@ -327,8 +327,7 @@ insert:
*/
q
=
fp
->
frag_link
.
next
;
m
=
dtom
(
slirp
,
q
);
int
was_ext
=
m
->
m_flags
&
M_EXT
;
int
delta
=
(
char
*
)
q
-
(
m
->
m_flags
&
M_EXT
?
m
->
m_ext
:
m
->
m_dat
);
q
=
(
struct
ipasfrag
*
)
q
->
ipf_next
;
while
(
q
!=
(
struct
ipasfrag
*
)
&
fp
->
frag_link
)
{
...
...
@@ -351,8 +350,7 @@ insert:
* then an m_ext buffer was alloced. But fp->ipq_next points to the old
* buffer (in the mbuf), so we must point ip into the new buffer.
*/
if
(
!
was_ext
&&
m
->
m_flags
&
M_EXT
)
{
int
delta
=
(
char
*
)
q
-
m
->
m_dat
;
if
(
m
->
m_flags
&
M_EXT
)
{
q
=
(
struct
ipasfrag
*
)(
m
->
m_ext
+
delta
);
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment