File 0002-dhcp6-fix-use-after-free-on-option-parsing-failure-C.patch of Package wicked.14305

From 0b44958cf29142dda2a3f6b4d15d400c985c5ca5 Mon Sep 17 00:00:00 2001
References: CVE-2019-18902,bsc#1160903
Upstream: Yes
From: Marius Tomaschewski <mt@suse.de>
Date: Wed, 22 Jan 2020 12:42:09 +0100
Subject: [PATCH 2/3] dhcp6: fix use-after-free on option parsing failure
 (CVE-2019-18902,bsc#1160903)

ni_dhcp6_fsm_parse_client_options() frees msg->lease without clearing
it to NULL, leading to UAF.
---
 src/dhcp6/fsm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/dhcp6/fsm.c b/src/dhcp6/fsm.c
index ab558a9b..59d2c1f2 100644
--- a/src/dhcp6/fsm.c
+++ b/src/dhcp6/fsm.c
@@ -1587,6 +1587,7 @@ ni_dhcp6_fsm_parse_client_options(ni_dhcp6_device_t *dev, ni_dhcp6_message_t *ms
 	return 0;
 
 failure:
+	msg->lease = NULL;
 	ni_addrconf_lease_free(lease);
 	return -1;
 }
-- 
2.16.4