Compare commits
10 Commits
e678b36c7b
...
512d0ad3c6
| Author | SHA1 | Date | |
|---|---|---|---|
|
512d0ad3c6 | ||
|
|
354a2d837a | ||
|
|
e351df485f | ||
|
|
a435f626eb | ||
|
|
b2544234d3 | ||
|
|
d0808ebdc0 | ||
|
|
930c0a8c6f | ||
|
|
689faea0d0 | ||
|
|
49d7268bd3 | ||
|
|
5a823da953 |
34
backport-Fix-potential-integer-overflow-in-parsednssl.patch
Normal file
34
backport-Fix-potential-integer-overflow-in-parsednssl.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From fd9549c0fb0e1916ca553a1abbeebd48f608955d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?David=20H=C3=A4rdeman?= <david@hardeman.nu>
|
||||
Date: Sun, 11 Feb 2024 18:29:15 +0100
|
||||
Subject: [PATCH] Fix potential integer overflow in parsednssl()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
optlen is a uint8_t because the length field in the RA header is one octet
|
||||
(representing the length in units of 8 octets). Later optlen is multiplied by 8
|
||||
to represent the length in bytes, meaning that the variable can overflow.
|
||||
|
||||
Signed-off-by: David Härdeman <david@hardeman.nu>
|
||||
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
|
||||
---
|
||||
src/ndisc.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/ndisc.c b/src/ndisc.c
|
||||
index 1640794..b190b18 100644
|
||||
--- a/src/ndisc.c
|
||||
+++ b/src/ndisc.c
|
||||
@@ -451,7 +451,7 @@ static int
|
||||
parsednssl (const uint8_t *opt)
|
||||
{
|
||||
const uint8_t *base;
|
||||
- uint8_t optlen = opt[1];
|
||||
+ uint16_t optlen = opt[1];
|
||||
if (optlen < 2)
|
||||
return -1;
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
||||
Binary file not shown.
BIN
ndisc6-1.0.7.tar.bz2
Normal file
BIN
ndisc6-1.0.7.tar.bz2
Normal file
Binary file not shown.
35
ndisc6.spec
35
ndisc6.spec
@ -1,6 +1,6 @@
|
||||
Name: ndisc6
|
||||
Version: 1.0.4
|
||||
Release: 4
|
||||
Version: 1.0.7
|
||||
Release: 2
|
||||
Summary: IPv6 diagnostic tools
|
||||
License: GPLv2 or GPLv3
|
||||
URL: http://www.remlab.net/ndisc6
|
||||
@ -8,6 +8,7 @@ Source0: http://www.remlab.net/files/ndisc6/%{name}-%{version}.tar.bz2
|
||||
|
||||
Patch0: bugfix-add-self-mac-check.patch
|
||||
Patch1: bugfix-add-SO_BINDTODEVICE.patch
|
||||
Patch2: backport-Fix-potential-integer-overflow-in-parsednssl.patch
|
||||
|
||||
BuildRequires: gcc perl-generators
|
||||
|
||||
@ -47,6 +48,36 @@ It includes the follwing programs :
|
||||
%{_mandir}/man*
|
||||
|
||||
%changelog
|
||||
* Tue Jan 7 2025 yinbin <yinbin8@huawei.com> - 1.0.7-2
|
||||
- Type: bugfix
|
||||
- ID: NA
|
||||
- SUG: NA
|
||||
- DESC: Fix potential integer overflow in parsednssl
|
||||
|
||||
* Thu Feb 1 2024 liubo <liubo335@huawei.com> - 1.0.7-1
|
||||
- Type: requirement
|
||||
- ID: NA
|
||||
- SUG: NA
|
||||
- DESC: update to version 1.0.7
|
||||
|
||||
* Mon Jan 9 2023 caofei <caofei@xfusion.com> - 1.0.4-7
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:restart
|
||||
- DESC: Update NEWS
|
||||
|
||||
* Sat Jan 7 2023 caofei <caofei@xfusion.com> - 1.0.4-6
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:restart
|
||||
- DESC: Update AUTHORS
|
||||
|
||||
* Fri Nov 11 2022 gaoxingwang <gaoxingwang1@huawei.com> - 1.0.4-5
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:restart
|
||||
- DESC: rdnssd: remove unused parameter
|
||||
|
||||
* Fri Apr 29 2022 gaoxingwang <gaoxingwang1@huawei.com> - 1.0.4-4
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user