Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.

Browse Source 
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
cause dnsmasq to forward memory from outside the packet
buffer to a DHCPv6 server when acting as a relay.
This commit is contained in:
Simon Kelley
2017-09-25 20:05:11 +01:00
parent 3d4ff1ba84
commit 33e3f1029c
2 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG
View File

@@ -51,6 +51,14 @@ version 2.78
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
and Kevin Hamacher of the Google Security Team for and Kevin Hamacher of the Google Security Team for
finding this. finding this.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
cause dnsmasq to forward memory from outside the packet
buffer to a DHCPv6 server when acting as a relay.
CVE-2017-14494 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
and Kevin Hamacher of the Google Security Team for
finding this.
version 2.77 version 2.77

3
src/rfc3315.c
View File

@@ -216,6 +216,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
for (opt = opts; opt; opt = opt6_next(opt, end)) for (opt = opts; opt; opt = opt6_next(opt, end))
{ {
if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
return 0;
}
int o = new_opt6(opt6_type(opt)); int o = new_opt6(opt6_type(opt));
if (opt6_type(opt) == OPTION6_RELAY_MSG) if (opt6_type(opt) == OPTION6_RELAY_MSG)
{ {