Skip to content
Commit 413d463f authored by Prasad J Pandit's avatar Prasad J Pandit Committed by Samuel Thibault
Browse files

slirp: check len against dhcp options array end 



While parsing dhcp options string in 'dhcp_decode', if an options'
length 'len' appeared towards the end of 'bp_vend' array, ensuing
read could lead to an OOB memory access issue. Add check to avoid it.

This is CVE-2017-11434.

Reported-by: default avatarReno Robert <renorobert@gmail.com>
Signed-off-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: default avatarSamuel Thibault <samuel.thibault@ens-lyon.org>
parent 5c843af2
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment