Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Merge branch 'IZh/systemd-jb43667'
[systemd] Fix for CVE-2018-15688 in DHCP6 client. Fixes JB#43667 See merge request 14
- Loading branch information
Showing
2 changed files
with
35 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
From 4dac5eaba4e419b29c97da38a8b1f82336c2c892 Mon Sep 17 00:00:00 2001 | ||
From: Lennart Poettering <lennart@poettering.net> | ||
Date: Fri, 19 Oct 2018 12:12:33 +0200 | ||
Subject: [PATCH] dhcp6: make sure we have enough space for the DHCP6 option | ||
header | ||
|
||
Fixes a vulnerability originally discovered by Felix Wilhelm from | ||
Google. | ||
|
||
CVE-2018-15688 | ||
LP: #1795921 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=1639067 | ||
--- | ||
src/libsystemd-network/dhcp6-option.c | 2 +- | ||
1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
||
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c | ||
index cbd4bc7..2806415 100644 | ||
--- a/src/libsystemd-network/dhcp6-option.c | ||
+++ b/src/libsystemd-network/dhcp6-option.c | ||
@@ -106,7 +106,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, const DHCP6IA *ia) { | ||
return -EINVAL; | ||
} | ||
|
||
- if (*buflen < len) | ||
+ if (*buflen < offsetof(DHCP6Option, data) + len) | ||
return -ENOBUFS; | ||
|
||
ia_hdr = *buf; | ||
-- | ||
2.1.4 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters