mirror of
https://github.com/systemd/systemd.git
synced 2024-10-28 20:25:38 +03:00
dhcp6: make sure we have enough space for the DHCP6 option header
Fixes a vulnerability originally discovered by Felix Wilhelm from Google. CVE-2018-15688 LP: #1795921 https://bugzilla.redhat.com/show_bug.cgi?id=1639067
This commit is contained in:
parent
990668aa4c
commit
4dac5eaba4
@ -106,7 +106,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, const DHCP6IA *ia) {
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (*buflen < len)
|
||||
if (*buflen < offsetof(DHCP6Option, data) + len)
|
||||
return -ENOBUFS;
|
||||
|
||||
ia_hdr = *buf;
|
||||
|
Loading…
Reference in New Issue
Block a user