Commit de71c15d authored by Marc-André Lureau's avatar Marc-André Lureau
Browse files

upd6: check udp6_input buffer size

Fixes: CVE-2021-3593
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/45

Signed-off-by: default avatarMarc-André Lureau <marcandre.lureau@redhat.com>
parent 2eca0838
......@@ -31,7 +31,10 @@ void udp6_input(struct mbuf *m)
ip = mtod(m, struct ip6 *);
m->m_len -= iphlen;
m->m_data += iphlen;
uh = mtod(m, struct udphdr *);
uh = mtod_check(m, sizeof(struct udphdr));
if (uh == NULL) {
goto bad;
}
m->m_len += iphlen;
m->m_data -= iphlen;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment