Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
xen.5854
CVE-2017-11434-qemuu-slirp-out-of-bounds-read-w...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-11434-qemuu-slirp-out-of-bounds-read-while-parsing-dhcp-options.patch of Package xen.5854
While parsing dhcp options string in 'dhcp_decode', if an options' length 'len' appeared towards the end of 'bp_vend' array, ensuing read could lead to an OOB memory access issue. Add check to avoid it. Reported-by: Reno Robert <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- slirp/bootp.c | 3 +++ 1 file changed, 3 insertions(+) Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/slirp/bootp.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/slirp/bootp.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/slirp/bootp.c @@ -116,6 +116,9 @@ static void dhcp_decode(const struct boo if (p >= p_end) break; len = *p++; + if (p + len > p_end) { + break; + } DPRINTF("dhcp: tag=%d len=%d\n", tag, len); switch(tag) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor