shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-10-28 20:25:38 +03:00
Code

dhcp6: make sure we have enough space for the DHCP6 option header

Browse Source 
Fixes a vulnerability originally discovered by Felix Wilhelm from
Google.

CVE-2018-15688
LP: #1795921
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
This commit is contained in:
Lennart Poettering 2018-10-19 12:12:33 +02:00
parent 990668aa4c
commit 4dac5eaba4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libsystemd-network/dhcp6-option.c
View File

@ -106,7 +106,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, const DHCP6IA *ia) {
return -EINVAL;
}
if (*buflen < len)
if (*buflen < offsetof(DHCP6Option, data) + len)
return -ENOBUFS;
ia_hdr = *buf;