diff options
author | Clemens Gruber <clemens.gruber@pqgruber.com> | 2018-11-19 16:03:55 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2018-11-19 20:43:43 +0100 |
commit | c98a95da4055647be9824febcbdf2207b72f3e1b (patch) | |
tree | cbd54003e889e22d3960000ececc497f86ef2334 /patches | |
parent | ca33480c71eb6cf2e840951a89fe9fea253d2567 (diff) | |
download | ptxdist-c98a95da4055647be9824febcbdf2207b72f3e1b.tar.gz ptxdist-c98a95da4055647be9824febcbdf2207b72f3e1b.tar.xz |
systemd: add upstream patch for CVE-2018-15688
The patch fixes the aforementioned bug in the systemd DHCP6 client.
Details: https://nvd.nist.gov/vuln/detail/CVE-2018-15688
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'patches')
-rw-r--r-- | patches/systemd-239/0002-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch | 22 | ||||
-rw-r--r-- | patches/systemd-239/series | 3 |
2 files changed, 24 insertions, 1 deletions
diff --git a/patches/systemd-239/0002-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch b/patches/systemd-239/0002-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch new file mode 100644 index 000000000..f1858b23d --- /dev/null +++ b/patches/systemd-239/0002-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch @@ -0,0 +1,22 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 19 Oct 2018 12:12:33 +0200 +Subject: [PATCH] dhcp6: make sure we have enough space for the DHCP6 option + header + +--- + src/libsystemd-network/dhcp6-option.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c +index 18196b12573c..09794972991f 100644 +--- a/src/libsystemd-network/dhcp6-option.c ++++ b/src/libsystemd-network/dhcp6-option.c +@@ -103,7 +103,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) { + return -EINVAL; + } + +- if (*buflen < len) ++ if (*buflen < offsetof(DHCP6Option, data) + len) + return -ENOBUFS; + + ia_hdr = *buf; diff --git a/patches/systemd-239/series b/patches/systemd-239/series index c75fbeb9a..bdfa3c1e8 100644 --- a/patches/systemd-239/series +++ b/patches/systemd-239/series @@ -1,4 +1,5 @@ # generated by git-ptx-patches #tag:base --start-number 1 0001-build-sys-Detect-whether-struct-statx-is-defined-in-.patch -# 54d194f090a373e4c969c7c584a671c4 - git-ptx-patches magic +0002-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch +# 69d3a3089d693a020a7338b3e119044a - git-ptx-patches magic |