Fix memory disclosure vulnerability in libalias.

Approved by: so Approved by: re (implicit) Security: FreeBSD-SA-20:13.libalias Security: CVE-2020-7455
author: Gordon Tetlow <gordon@FreeBSD.org> 2020-05-12 16:54:39 +0000
committer: Gordon Tetlow <gordon@FreeBSD.org> 2020-05-12 16:54:39 +0000
commit: 86a708f14714227355524b2d55ac956c2c4baf64 (patch)
tree: c8f5a2985be5bc0df1e703526fe38f42c73fa500
parent: 8f442d6baad809e315e3ec4506c64920066d7fb9 (diff)
download: src-test2-86a708f14714227355524b2d55ac956c2c4baf64.tar.gz
src-test2-86a708f14714227355524b2d55ac956c2c4baf64.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c
index ee93f4c5b14b..f8e0a703345d 100644
--- a/sys/netinet/libalias/alias_ftp.c
+++ b/sys/netinet/libalias/alias_ftp.c
@@ -754,7 +754,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
 		{
 			u_short new_len;
 
-			new_len = htons(hlen + slen);
+			new_len = htons(hlen +
+			    MIN(slen, maxpacketsize - hlen));
 			DifferentialChecksum(&pip->ip_sum,
 			    &new_len,
 			    &pip->ip_len,
author	Gordon Tetlow <gordon@FreeBSD.org>	2020-05-12 16:54:39 +0000
committer	Gordon Tetlow <gordon@FreeBSD.org>	2020-05-12 16:54:39 +0000
commit	86a708f14714227355524b2d55ac956c2c4baf64 (patch)
tree	c8f5a2985be5bc0df1e703526fe38f42c73fa500
parent	8f442d6baad809e315e3ec4506c64920066d7fb9 (diff)
download	src-test2-86a708f14714227355524b2d55ac956c2c4baf64.tar.gz src-test2-86a708f14714227355524b2d55ac956c2c4baf64.zip