systemd: add upstream patch for CVE-2018-15688

The patch fixes the aforementioned bug in the systemd DHCP6 client.

Details: https://nvd.nist.gov/vuln/detail/CVE-2018-15688

Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>

2 files changed, 24 insertions, 1 deletions

diff --git a/patches/systemd-239/0002-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch b/patches/systemd-239/0002-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
new file mode 100644
index 000000000..f1858b23d
--- /dev/null
+++ b/patches/systemd-239/0002-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
@@ -0,0 +1,22 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 19 Oct 2018 12:12:33 +0200
+Subject: [PATCH] dhcp6: make sure we have enough space for the DHCP6 option
+ header
+
+---
+ src/libsystemd-network/dhcp6-option.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
+index 18196b12573c..09794972991f 100644
+--- a/src/libsystemd-network/dhcp6-option.c
++++ b/src/libsystemd-network/dhcp6-option.c
+@@ -103,7 +103,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
+                 return -EINVAL;
+         }
+ 
+-        if (*buflen < len)
++        if (*buflen < offsetof(DHCP6Option, data) + len)
+                 return -ENOBUFS;
+ 
+         ia_hdr = *buf;
diff --git a/patches/systemd-239/series b/patches/systemd-239/series
index c75fbeb9a..bdfa3c1e8 100644
--- a/patches/systemd-239/series
+++ b/patches/systemd-239/series
@@ -1,4 +1,5 @@
 # generated by git-ptx-patches
 #tag:base --start-number 1
 0001-build-sys-Detect-whether-struct-statx-is-defined-in-.patch
-# 54d194f090a373e4c969c7c584a671c4  - git-ptx-patches magic
+0002-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
+# 69d3a3089d693a020a7338b3e119044a  - git-ptx-patches magic