Re: [Qemu-devel] [PATCH] slirp: check len against dhcp options array end

Reno Robert Mon, 17 Jul 2017 13:54:04 -0700

+            if (p + len > p_end) {

Shouldn't this be (p + len >= p_end) ?


On Mon, Jul 17, 2017 at 8:18 PM, Samuel Thibault
<samuel.thiba...@gnu.org> wrote:
> P J P, on lun. 17 juil. 2017 17:33:26 +0530, wrote:
>> From: Prasad J Pandit <p...@fedoraproject.org>
>>
>> While parsing dhcp options string in 'dhcp_decode', if an options'
>> length 'len' appeared towards the end of 'bp_vend' array, ensuing
>> read could lead to an OOB memory access issue. Add check to avoid it.
>>
>> Reported-by: Reno Robert <renorob...@gmail.com>
>> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
>
> Oops, sure, applied to my tree, thanks!
>
> Samuel



-- 
Regards,
Reno Robert
http://v0ids3curity.blogspot.in/

Re: [Qemu-devel] [PATCH] slirp: check len against dhcp options array end

Reply via email to