diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-11-15 17:13:45 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-11-15 17:13:45 +0000 |
commit | e2d84e38284aeb9d522a7e935554340ddf0e4a6f (patch) | |
tree | 5a7444ee5f2af59431481999f729676090b1e0f3 /app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch | |
parent | 519e4d5d99fc43d5c9a038098c029dc4ef9d6792 (diff) |
gentoo resync : 15.11.2017
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch')
-rw-r--r-- | app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch deleted file mode 100644 index 5d32067c7a05..000000000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch +++ /dev/null @@ -1,29 +0,0 @@ -[Qemu-devel] [PATCH] slirp: check len against dhcp options array end -From: Prasad J Pandit <address@hidden> - -While parsing dhcp options string in 'dhcp_decode', if an options' -length 'len' appeared towards the end of 'bp_vend' array, ensuing -read could lead to an OOB memory access issue. Add check to avoid it. - -Reported-by: Reno Robert <address@hidden> -Signed-off-by: Prasad J Pandit <address@hidden> ---- - slirp/bootp.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/slirp/bootp.c b/slirp/bootp.c -index 5a4646c..5dd1a41 100644 ---- a/slirp/bootp.c -+++ b/slirp/bootp.c -@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type, - if (p >= p_end) - break; - len = *p++; -+ if (p + len > p_end) { -+ break; -+ } - DPRINTF("dhcp: tag=%d len=%d\n", tag, len); - - switch(tag) { --- -2.9.4 |