[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] slirp: check len against dhcp options array end
From: |
Michael Tokarev |
Subject: |
Re: [Qemu-devel] [PATCH] slirp: check len against dhcp options array end |
Date: |
Wed, 2 Aug 2017 17:10:32 +0300 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
17.07.2017 17:48, Samuel Thibault wrote:
> P J P, on lun. 17 juil. 2017 17:33:26 +0530, wrote:
>> From: Prasad J Pandit <address@hidden>
>>
>> While parsing dhcp options string in 'dhcp_decode', if an options'
>> length 'len' appeared towards the end of 'bp_vend' array, ensuing
>> read could lead to an OOB memory access issue. Add check to avoid it.
>>
>> Reported-by: Reno Robert <address@hidden>
>> Signed-off-by: Prasad J Pandit <address@hidden>
>
> Oops, sure, applied to my tree, thanks!
Can we have it in 2.10 please?
This is CVE-2017-11434, which can be mentioned in the commit message.
Thanks,
/mjt
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Qemu-devel] [PATCH] slirp: check len against dhcp options array end,
Michael Tokarev <=