authorGordon Tetlow <gordon@FreeBSD.org>2020-05-12 16:54:39 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2020-05-12 16:54:39 +0000
commitb1c11f9ac14d136819381962b53eb1e4c842254b (patch)
tree80e45b3ada8b4c059870822842a1dad00c6a3046
parent6c0cde56943c4da59933f6e15a22f94e0e8def09 (diff)
Fix memory disclosure vulnerability in libalias.
Approved by: so Approved by: re (implicit) Security: FreeBSD-SA-20:13.libalias Security: CVE-2020-7455
Notes
Notes: svn path=/releng/11.4/; revision=360974
-rw-r--r--sys/netinet/libalias/alias_ftp.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c
index 8e7d05b4f363..81bbcb192168 100644
--- a/sys/netinet/libalias/alias_ftp.c
+++ b/sys/netinet/libalias/alias_ftp.c
@@ -752,7 +752,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
{
u_short new_len;
- new_len = htons(hlen + slen);
+ new_len = htons(hlen +
+ MIN(slen, maxpacketsize - hlen));
DifferentialChecksum(&pip->ip_sum,
&new_len,
&pip->ip_len,
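Review bot: The clamp `MIN(slen, maxpacketsize - hlen)` only holds if `maxpacketsize - hlen` cannot wrap or go negative. The declarations of `hlen`, `slen` and `maxpacketsize` are outside this hunk, so it is worth confirming they are signed and that `hlen <= maxpacketsize` is established earlier in NewFtpMessage. The clamped length is also computed inline for `ip_len` only, so any other use of `slen` in the function (presumably the sequence-number delta bookkeeping, not visible here) would still see the unclamped value and disagree with the header. Consider clamping once before the first use, e.g. `slen = MIN(slen, maxpacketsize - hlen);`, with a comment such as `/* ip_len must never exceed the caller's buffer; bytes past the rewritten message would otherwise be sent */`. The enclosing block starts and ends outside the hunk.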