Author: emaste
Date: Tue May 12 16:38:28 2020
New Revision: 360968
URL: https://svnweb.freebsd.org/changeset/base/360968

Log:
  libalias: fix potential memory disclosure from ftp module
  
  admbugs:      956
  Submitted by: markj
  Reported by:  Vishnu Dev TJ working with Trend Micro Zero Day Initiative
  Security:     FreeBSD-SA-20:13.libalias
  Security:     CVE-2020-7455
  Security:     ZDI-CAN-10849

Modified:
  head/sys/netinet/libalias/alias_ftp.c

Modified: head/sys/netinet/libalias/alias_ftp.c
==============================================================================
--- head/sys/netinet/libalias/alias_ftp.c       Tue May 12 16:33:04 2020        
(r360967)
+++ head/sys/netinet/libalias/alias_ftp.c       Tue May 12 16:38:28 2020        
(r360968)
@@ -754,7 +754,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
                {
                        u_short new_len;
 
-                       new_len = htons(hlen + slen);
+                       new_len = htons(hlen +
+                           MIN(slen, maxpacketsize - hlen));
                        DifferentialChecksum(&pip->ip_sum,
                            &new_len,
                            &pip->ip_len,
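Review bot: In the new `new_len` assignment, `maxpacketsize - hlen` has no visible guard for the case where `hlen` is greater than `maxpacketsize`. The types of the two operands are not shown in this hunk, so depending on signedness the result either goes negative or wraps to a large value, and `MIN(slen, maxpacketsize - hlen)` would then no longer bound the length the way the fix intends. Please confirm that `hlen <= maxpacketsize` is established earlier in NewFtpMessage(), or add an explicit check before this block. A one-line comment above the assignment would also help, stating that `ip_len` must reflect the number of payload bytes actually placed in the packet rather than the untruncated `slen`, since that mismatch is what the log message describes as the memory disclosure.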
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
