author | Gordon Tetlow <gordon@FreeBSD.org> | 2020-05-12 16:54:39 +0000 |
---|---|---|
committer | Gordon Tetlow <gordon@FreeBSD.org> | 2020-05-12 16:54:39 +0000 |
commit | 86a708f14714227355524b2d55ac956c2c4baf64 (patch) | |
tree | c8f5a2985be5bc0df1e703526fe38f42c73fa500 | |
parent | 8f442d6baad809e315e3ec4506c64920066d7fb9 (diff) | |
Fix memory disclosure vulnerability in libalias.
Approved by: so
Approved by: re (implicit)
Security: FreeBSD-SA-20:13.libalias
Security: CVE-2020-7455
Notes:
svn path=/releng/12.1/; revision=360974
-rw-r--r-- | sys/netinet/libalias/alias_ftp.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c index ee93f4c5b14b..f8e0a703345d 100644 --- a/sys/netinet/libalias/alias_ftp.c +++ b/sys/netinet/libalias/alias_ftp.c @@ -754,7 +754,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip, { u_short new_len; - new_len = htons(hlen + slen); + new_len = htons(hlen + + MIN(slen, maxpacketsize - hlen)); DifferentialChecksum(&pip->ip_sum, &new_len, &pip->ip_len, |
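Review bot: the clamp `MIN(slen, maxpacketsize - hlen)` in NewFtpMessage relies on hlen never exceeding maxpacketsize, and nothing in this hunk establishes that. If hlen can be larger, the subtraction goes negative (or wraps, depending on the operand types, which are not visible here) and the ip_len written to the header is wrong again. Suggest checking hlen <= maxpacketsize before this point, or adding a comment that names where it is guaranteed. It would also read better to compute the clamped length once into a local and use that same value wherever the payload length is consumed, so that ip_len and the number of bytes actually placed in the packet cannot diverge. A short comment above the assignment saying why slen is bounded by the remaining packet space would help the next reader, since the commit message does not describe the mechanism.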