File bnc721968_4.patch of Package radvd.import5316
References: CVE-2011-3604, bnc#721968 commit 7de1b9abf87b747ee2611c0d2a94dfeee79878b4 Author: Vasiliy Kulikov <segoon@openwall.com> Date: Tue Oct 4 00:35:57 2011 -0700 process_ra() has numerous missed len checks. It leads to buffer overreads. Index: radvd-1.3/process.c =================================================================== --- radvd-1.3.orig/process.c 2011-10-19 12:17:27.000000000 +0200 +++ radvd-1.3/process.c 2011-10-19 12:20:31.000000000 +0200 @@ -308,6 +308,8 @@ process_ra(struct Interface *iface, unsi { case ND_OPT_MTU: mtu = (struct nd_opt_mtu *)opt_str; + if (len < sizeof(*mtu)) + return; if (iface->AdvLinkMTU && (ntohl(mtu->nd_opt_mtu_mtu) != iface->AdvLinkMTU)) { @@ -317,6 +319,8 @@ process_ra(struct Interface *iface, unsi break; case ND_OPT_PREFIX_INFORMATION: pinfo = (struct nd_opt_prefix_info *) opt_str; + if (len < sizeof(*pinfo)) + return; preferred = ntohl(pinfo->nd_opt_pi_preferred_time); valid = ntohl(pinfo->nd_opt_pi_valid_time); @@ -371,6 +375,8 @@ process_ra(struct Interface *iface, unsi break; case ND_OPT_RDNSS_INFORMATION: rdnssinfo = (struct nd_opt_rdnss_info_local *) opt_str; + if (len < sizeof(*rdnssinfo)) + return; count = rdnssinfo->nd_opt_rdnssi_len; /* Check the RNDSS addresses received */
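Review bot: In the ND_OPT_MTU hunk (@@ -308,6 +308,8), the new `if (len < sizeof(*mtu)) return;` drops out of process_ra() without leaving any trace, so a truncated MTU option is indistinguishable from a clean advertisement. Log a warning that names the interface (`iface` is in scope here) before returning, so that malformed RAs on a link show up in the daemon's log.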
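Review bot: In the ND_OPT_PREFIX_INFORMATION hunk (@@ -317,6 +319,8), the guard `if (len < sizeof(*pinfo)) return;` is the same hand-written pattern as in the ND_OPT_MTU and ND_OPT_RDNSS_INFORMATION cases, each placed after the cast of `opt_str`. Since the commit message says the function had numerous missed length checks, consider doing the size check in one place (a small helper or macro taking `len` and the expected struct size) so a future option case cannot be added without it.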
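Review bot: In the ND_OPT_RDNSS_INFORMATION hunk (@@ -371,6 +375,8), the added check only guarantees that `len` covers `sizeof(*rdnssinfo)`, while the next line takes `count = rdnssinfo->nd_opt_rdnssi_len;` straight from the packet. The visible context does not show `count` being bounded before the address checks that follow, so please confirm that the code after this hunk never reads further than both `len` and the fixed struct allow for any value of `count`, or add that bound here. Minor: the context comment spells the option "RNDSS".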