Re: [Qemu-devel] [PATCH] slirp: check len against dhcp options array end

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] slirp: check len against dhcp options array end

From:	Michael Tokarev
Subject:	Re: [Qemu-devel] [PATCH] slirp: check len against dhcp options array end
Date:	Wed, 2 Aug 2017 17:10:32 +0300
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

17.07.2017 17:48, Samuel Thibault wrote:
> P J P, on lun. 17 juil. 2017 17:33:26 +0530, wrote:
>> From: Prasad J Pandit <address@hidden>
>>
>> While parsing dhcp options string in 'dhcp_decode', if an options'
>> length 'len' appeared towards the end of 'bp_vend' array, ensuing
>> read could lead to an OOB memory access issue. Add check to avoid it.
>>
>> Reported-by: Reno Robert <address@hidden>
>> Signed-off-by: Prasad J Pandit <address@hidden>
> 
> Oops, sure, applied to my tree, thanks!

Can we have it in 2.10 please?

This is CVE-2017-11434, which can be mentioned in the commit message.

Thanks,

/mjt

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH] slirp: check len against dhcp options array end, Michael Tokarev <=

Prev by Date: [Qemu-devel] [PULL 3/3] io: fix qio_channel_socket_accept err handling
Next by Date: Re: [Qemu-devel] [PATCH for-2.10 5/5] tests: acpi: fix FADT not being compared to reference table
Previous by thread: [Qemu-devel] [PULL 0/3] migration queue
Next by thread: Re: [Qemu-devel] [PATCH] vl.c/exit: pause cpus before closing block devices
Index(es):
- Date
- Thread