Merge branch 'master' into staging

author: Marius Bakke <[email protected]> 2017-08-26 15:34:29 +0200
committer: Marius Bakke <[email protected]> 2017-08-26 15:34:29 +0200
commit: 4028fd395e6d7f80f7bbeb4ff616b6b89b0bf654 (patch)
tree: 17bac0c3211a872d3a0292cae20347718ecdd5f7 /gnu/packages/patches/qemu-CVE-2017-11434.patch
parent: 9d1cc6bc69d53bf8ad45ac94bc3c268125f86359 (diff)
parent: 72e2815d18ad688b0a16ce3b3efba1172423cec4 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2017-11434.patch b/gnu/packages/patches/qemu-CVE-2017-11434.patch
new file mode 100644
index 0000000000..4da701a73d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-11434.patch
@@ -0,0 +1,25 @@
+Fix CVE-2017-11434:
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1472611
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434
+https://security-tracker.debian.org/tracker/CVE-2017-11434
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c182..5dd1a415b5 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+             if (p >= p_end)
+                 break;
+             len = *p++;
++            if (p + len > p_end) {
++                break;
++            }
+             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+ 
+             switch(tag) {
author	Marius Bakke <[email protected]>	2017-08-26 15:34:29 +0200
committer	Marius Bakke <[email protected]>	2017-08-26 15:34:29 +0200
commit	4028fd395e6d7f80f7bbeb4ff616b6b89b0bf654 (patch)
tree	17bac0c3211a872d3a0292cae20347718ecdd5f7 /gnu/packages/patches/qemu-CVE-2017-11434.patch
parent	9d1cc6bc69d53bf8ad45ac94bc3c268125f86359 (diff)
parent	72e2815d18ad688b0a16ce3b3efba1172423cec4 (diff)