Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
xen.12882
CVE-2017-11434-qemut-slirp-out-of-bounds-read-w...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-11434-qemut-slirp-out-of-bounds-read-while-parsing-dhcp-options.patch of Package xen.12882
While parsing dhcp options string in 'dhcp_decode', if an options' length 'len' appeared towards the end of 'bp_vend' array, ensuing read could lead to an OOB memory access issue. Add check to avoid it. Reported-by: Reno Robert <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- slirp/bootp.c | 3 +++ 1 file changed, 3 insertions(+) Index: xen-4.7.3-testing/tools/qemu-xen-traditional-dir-remote/slirp/bootp.c =================================================================== --- xen-4.7.3-testing.orig/tools/qemu-xen-traditional-dir-remote/slirp/bootp.c +++ xen-4.7.3-testing/tools/qemu-xen-traditional-dir-remote/slirp/bootp.c @@ -109,6 +109,9 @@ static void dhcp_decode(const uint8_t *b if (p >= p_end) break; len = *p++; + if (p + len > p_end) { + break; + } dprintf("dhcp: tag=0x%02x len=%d\n", tag, len); switch(tag) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor