Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
u-boot-odroid.25197
0018-CVE-net-fix-unbounded-memcpy-of-UDP.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0018-CVE-net-fix-unbounded-memcpy-of-UDP.patch of Package u-boot-odroid.25197
From 4f40ad5f63ca100dc3f0d75bca4287611a7c7514 Mon Sep 17 00:00:00 2001 From: "liucheng (G)" <liucheng32@huawei.com> Date: Thu, 29 Aug 2019 13:47:33 +0000 Subject: [PATCH] CVE: net: fix unbounded memcpy of UDP packet MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch adds a check to udp_len to fix unbounded memcpy for CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reported-by: FermÃn Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> (cherry picked from commit fe7288069d2e6659117049f7d27e261b550bb725) Signed-off-by: Matthias Brugger <mbrugger@suse.com> --- net/net.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/net.c b/net/net.c index a5a216c3ee..ecc1649d74 100644 --- a/net/net.c +++ b/net/net.c @@ -1258,6 +1258,9 @@ void net_process_received_packet(uchar *in_packet, int len) return; } + if (ntohs(ip->udp_len) < UDP_HDR_SIZE || ntohs(ip->udp_len) > ntohs(ip->ip_len)) + return; + debug_cond(DEBUG_DEV_PKT, "received UDP (to=%pI4, from=%pI4, len=%d)\n", &dst_ip, &src_ip, len);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor