26 lines
850 B
Diff
26 lines
850 B
Diff
Fix CVE-2017-11434:
|
|
|
|
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1472611
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434
|
|
https://security-tracker.debian.org/tracker/CVE-2017-11434
|
|
|
|
Patch copied from upstream source repository:
|
|
|
|
https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0
|
|
|
|
diff --git a/slirp/bootp.c b/slirp/bootp.c
|
|
index 5a4646c182..5dd1a415b5 100644
|
|
--- a/slirp/bootp.c
|
|
+++ b/slirp/bootp.c
|
|
@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
|
|
if (p >= p_end)
|
|
break;
|
|
len = *p++;
|
|
+ if (p + len > p_end) {
|
|
+ break;
|
|
+ }
|
|
DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
|
|
|
|
switch(tag) {
|