packages/ndisc6
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!58 [sync] PR-55: Fix potential integer overflow in parsednssl

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12
This commit is contained in:
openeuler-ci-bot 2025-01-07 13:47:34 +00:00 committed by Gitee
commit 512d0ad3c6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-Fix-potential-integer-overflow-in-parsednssl.patch Normal file
View File

@ -0,0 +1,34 @@
From fd9549c0fb0e1916ca553a1abbeebd48f608955d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20H=C3=A4rdeman?= <david@hardeman.nu>
Date: Sun, 11 Feb 2024 18:29:15 +0100
Subject: [PATCH] Fix potential integer overflow in parsednssl()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
optlen is a uint8_t because the length field in the RA header is one octet
(representing the length in units of 8 octets). Later optlen is multiplied by 8
to represent the length in bytes, meaning that the variable can overflow.
Signed-off-by: David Härdeman <david@hardeman.nu>
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
---
src/ndisc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ndisc.c b/src/ndisc.c
index 1640794..b190b18 100644
--- a/src/ndisc.c
+++ b/src/ndisc.c
@@ -451,7 +451,7 @@ static int
parsednssl (const uint8_t *opt)
{
const uint8_t *base;
- uint8_t optlen = opt[1];
+ uint16_t optlen = opt[1];
if (optlen < 2)
return -1;
--
2.34.1

9
ndisc6.spec
View File

@ -1,6 +1,6 @@
Name: ndisc6 Name: ndisc6
Version: 1.0.7 Version: 1.0.7
Release: 1 Release: 2
Summary: IPv6 diagnostic tools Summary: IPv6 diagnostic tools
License: GPLv2 or GPLv3 License: GPLv2 or GPLv3
URL: http://www.remlab.net/ndisc6 URL: http://www.remlab.net/ndisc6
@ -8,6 +8,7 @@ Source0: http://www.remlab.net/files/ndisc6/%{name}-%{version}.tar.bz2
Patch0: bugfix-add-self-mac-check.patch Patch0: bugfix-add-self-mac-check.patch
Patch1: bugfix-add-SO_BINDTODEVICE.patch Patch1: bugfix-add-SO_BINDTODEVICE.patch
Patch2: backport-Fix-potential-integer-overflow-in-parsednssl.patch
BuildRequires: gcc perl-generators BuildRequires: gcc perl-generators
@ -47,6 +48,12 @@ It includes the follwing programs :
%{_mandir}/man* %{_mandir}/man*
%changelog %changelog
* Tue Jan 7 2025 yinbin <yinbin8@huawei.com> - 1.0.7-2
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: Fix potential integer overflow in parsednssl
* Thu Feb 1 2024 liubo <liubo335@huawei.com> - 1.0.7-1 * Thu Feb 1 2024 liubo <liubo335@huawei.com> - 1.0.7-1
- Type: requirement - Type: requirement
- ID: NA - ID: NA