authorGordon Tetlow <gordon@FreeBSD.org>2020-05-12 16:54:39 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2020-05-12 16:54:39 +0000
commit86a708f14714227355524b2d55ac956c2c4baf64 (patch)
treec8f5a2985be5bc0df1e703526fe38f42c73fa500
parent8f442d6baad809e315e3ec4506c64920066d7fb9 (diff)
Fix memory disclosure vulnerability in libalias.
Approved by: so Approved by: re (implicit) Security: FreeBSD-SA-20:13.libalias Security: CVE-2020-7455
Notes
Notes: svn path=/releng/12.1/; revision=360974
-rw-r--r--sys/netinet/libalias/alias_ftp.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c
index ee93f4c5b14b..f8e0a703345d 100644
--- a/sys/netinet/libalias/alias_ftp.c
+++ b/sys/netinet/libalias/alias_ftp.c
@@ -754,7 +754,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
{
u_short new_len;
- new_len = htons(hlen + slen);
+ new_len = htons(hlen +
+ MIN(slen, maxpacketsize - hlen));
DifferentialChecksum(&pip->ip_sum,
&new_len,
&pip->ip_len,
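Review bot: The clamp `MIN(slen, maxpacketsize - hlen)` relies on `maxpacketsize - hlen` never wrapping, and nothing in the hunk guards or documents that. The declarations of `hlen`, `slen` and `maxpacketsize` are outside the hunk; if any of them is unsigned, a header longer than the buffer would make the subtraction wrap, `MIN` would return `slen`, and `ip_len` would again claim more bytes than the buffer holds. I would check the precondition before the assignment, taking the function's existing bail-out path under `if (hlen > maxpacketsize)`, and add a comment such as `/* ip_len must not exceed maxpacketsize, or bytes past the copied payload are sent */`. NewFtpMessage starts and ends outside the hunk, so it cannot be confirmed from here that the payload copy uses the same `maxpacketsize - hlen` bound.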