Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
ppp.23629
ppp-CVE-2020-8597.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ppp-CVE-2020-8597.patch of Package ppp.23629
From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 From: Paul Mackerras <paulus@ozlabs.org> Date: Mon, 3 Feb 2020 15:53:28 +1100 Subject: [PATCH] pppd: Fix bounds check in EAP code Given that we have just checked vallen < len, it can never be the case that vallen >= len + sizeof(rhostname). This fixes the check so we actually avoid overflowing the rhostname array. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Paul Mackerras <paulus@ozlabs.org> --- pppd/eap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- pppd/eap.c.orig +++ pppd/eap.c @@ -1421,7 +1421,7 @@ int len; } /* Not so likely to happen. */ - if (vallen >= len + sizeof (rhostname)) { + if (len - vallen >= sizeof (rhostname)) { dbglog("EAP: trimming really long peer name down"); BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); rhostname[sizeof (rhostname) - 1] = '\0'; @@ -1847,7 +1847,7 @@ int len; } /* Not so likely to happen. */ - if (vallen >= len + sizeof (rhostname)) { + if (len - vallen >= sizeof (rhostname)) { dbglog("EAP: trimming really long peer name down"); BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); rhostname[sizeof (rhostname) - 1] = '\0';
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor