diff options
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch')
| -rw-r--r-- | app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch deleted file mode 100644 index 5d32067c7a05..000000000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch +++ /dev/null @@ -1,29 +0,0 @@ -[Qemu-devel] [PATCH] slirp: check len against dhcp options array end -From: Prasad J Pandit <address@hidden> - -While parsing dhcp options string in 'dhcp_decode', if an options' -length 'len' appeared towards the end of 'bp_vend' array, ensuing -read could lead to an OOB memory access issue. Add check to avoid it. - -Reported-by: Reno Robert <address@hidden> -Signed-off-by: Prasad J Pandit <address@hidden> ---- - slirp/bootp.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/slirp/bootp.c b/slirp/bootp.c -index 5a4646c..5dd1a41 100644 ---- a/slirp/bootp.c -+++ b/slirp/bootp.c -@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type, - if (p >= p_end) - break; - len = *p++; -+ if (p + len > p_end) { -+ break; -+ } - DPRINTF("dhcp: tag=%d len=%d\n", tag, len); - - switch(tag) { --- -2.9.4 |