Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
u-boot-p2371-2180.25181
0014-CVE-net-fix-unbounded-memcpy-of-UDP.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0014-CVE-net-fix-unbounded-memcpy-of-UDP.patch of Package u-boot-p2371-2180.25181
From 2c4de164b1f1cacdebf017c00be68e30180f3435 Mon Sep 17 00:00:00 2001 From: "liucheng (G)" <liucheng32@huawei.com> Date: Thu, 29 Aug 2019 13:47:33 +0000 Subject: [PATCH] CVE: net: fix unbounded memcpy of UDP packet MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch adds a check to udp_len to fix unbounded memcpy for CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reported-by: FermÃn Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com> (cherry picked from commit fe7288069d2e6659117049f7d27e261b550bb725) Signed-off-by: Matthias Brugger <mbrugger@suse.com> --- net/net.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/net.c b/net/net.c index 4259c9e321..b460d0ad5c 100644 --- a/net/net.c +++ b/net/net.c @@ -1212,6 +1212,9 @@ void net_process_received_packet(uchar *in_packet, int len) return; } + if (ntohs(ip->udp_len) < UDP_HDR_SIZE || ntohs(ip->udp_len) > ntohs(ip->ip_len)) + return; + debug_cond(DEBUG_DEV_PKT, "received UDP (to=%pI4, from=%pI4, len=%d)\n", &dst_ip, &src_ip, len);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor