Re: [Dnsmasq-discuss] dnsmasq doesn't reply the last option of dhcpv6 relay-forward packet after applying the patch of CVE-2017-14494

Simon Kelley Wed, 14 Feb 2018 14:51:43 -0800

You're right. Apologies for letting that slip through.

Patch applied.


Cheers,

Simon.



On 06/02/18 08:10, yiwenchen wrote:
> Hi,
>  
> I found that dnsmasq doesn't reply dhcpv6 relay-forward packets after
> applying the patch of CVE-2017-14494.
> It seems like the boundary check in the patch is wrong.
>  
> The following commit should fix the problem.
> Could you please help confirm the issue?
> Thank you very much.
>  
>  
> ---
>  src/rfc3315.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>  
> diff --git a/src/rfc3315.c b/src/rfc3315.c
> index c3c1c95..99b310a 100644
> --- a/src/rfc3315.c
> +++ b/src/rfc3315.c
> @@ -216,7 +216,7 @@ static int dhcp6_maybe_relay(struct state *state,
> void *inbuff, size_t sz,
>  
>    for (opt = opts; opt; opt = opt6_next(opt, end))
>      {
> - if (opt6_ptr(opt, 0) + opt6_len(opt) >= end) {
> + if (opt6_ptr(opt, 0) + opt6_len(opt) > end) {
>          return 0;
>        }
>        int o = new_opt6(opt6_type(opt));
> --
> 1.9.1
>  
> Best Regards,
> Yiwen
>  
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dnsmasq doesn't reply the last option of dhcpv6 relay-forward packet after applying the patch of CVE-2017-14494

Reply via email to