RT-Task-Generator-QEMU/slirp at c16de8f59a2bcbe2dc037524cc648de896f581a4 - RT-Task-Generator-QEMU - Gitea: Git Fakultät Informatik TU Dortmund

yannick.naumann/RT-Task-Generator-QEMU

forked from alwin.berger/FRET-qemu

History

Prasad J Pandit 413d463f43 slirp: check len against dhcp options array end

While parsing dhcp options string in 'dhcp_decode', if an options'
length 'len' appeared towards the end of 'bp_vend' array, ensuing
read could lead to an OOB memory access issue. Add check to avoid it.

This is CVE-2017-11434.

Reported-by: Reno Robert <renorobert@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

2017-08-03 00:26:44 +02:00

..

arp_table.c

slirp: Clean up includes

2016-02-04 17:41:30 +00:00

bootp.c

slirp: check len against dhcp options array end

2017-08-03 00:26:44 +02:00

bootp.h

Clean up decorations and whitespace around header guards

2016-07-12 16:20:46 +02:00

cksum.c

Use #include "..." for our own headers, <...> for others

2016-07-12 16:19:16 +02:00

COPYRIGHT

Remove the advertising clause from the slirp license

2009-01-26 19:37:41 +00:00

debug.h

slirp: Cleanup and basic reanimation of debug code

2009-06-29 08:52:46 -05:00

dhcpv6.c

slirp, disas: Replace min/max with MIN/MAX macros

2016-12-20 23:55:19 +01:00

dhcpv6.h

slirp: Add support for stateless DHCPv6

2016-07-03 23:59:42 +02:00

dnssearch.c

slirp: Use DIV_ROUND_UP

2016-06-07 18:19:25 +03:00

if.c

Use #include "..." for our own headers, <...> for others

2016-07-12 16:19:16 +02:00

if.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

ip6_icmp.c

slirp: Send RDNSS in RA only if host has an IPv6 DNS server

2017-03-29 00:51:25 +02:00

ip6_icmp.h

Clean up header guards that don't match their file name

2016-07-12 16:19:16 +02:00

ip6_input.c

slirp: Allow disabling IPv4 or IPv6

2016-04-01 17:51:55 +02:00

ip6_output.c

slirp: Adding IPv6, ICMPv6 Echo and NDP autoconfiguration

2016-03-15 10:35:00 +01:00

ip6.h

slirp: use DIV_ROUND_UP

2017-07-15 14:28:25 +02:00

ip_icmp.c

slirp: fix pinging the virtual ipv4 DNS server

2017-04-29 18:29:58 +02:00

ip_icmp.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

ip_input.c

Use #include "..." for our own headers, <...> for others

2016-07-12 16:19:16 +02:00

ip_output.c

Use #include "..." for our own headers, <...> for others

2016-07-12 16:19:16 +02:00

ip.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

libslirp.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

main.h

Clean up decorations and whitespace around header guards

2016-07-12 16:20:46 +02:00

Makefile.objs

slirp: add a fake NC-SI backend

2017-04-25 19:17:25 +08:00

mbuf.c

slirp: Convert mbufs to use g_malloc() and g_free()

2017-02-26 15:39:05 +01:00

mbuf.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

misc.c

slirp: fork_exec(): Don't close() a negative number in fork_exec()

2017-07-15 14:28:25 +02:00

misc.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

ncsi-pkt.h

slirp: add a fake NC-SI backend

2017-04-25 19:17:25 +08:00

ncsi.c

slirp: add a fake NC-SI backend

2017-04-25 19:17:25 +08:00

ndp_table.c

slirp: Adding IPv6, ICMPv6 Echo and NDP autoconfiguration

2016-03-15 10:35:00 +01:00

sbuf.c

slirp: Handle error returns from sosendoob()

2017-07-15 14:28:25 +02:00

sbuf.h

slirp: VMStatify sbuf

2017-04-29 18:44:16 +02:00

slirp_config.h

slirp: Remove obsolete backward-compatibility cruft

2016-05-16 20:58:47 +02:00

slirp.c

migration: Split registration functions from vmstate.h

2017-06-13 11:00:44 +02:00

slirp.h

slirp: add a fake NC-SI backend

2017-04-25 19:17:25 +08:00

socket.c

slirp: Handle error returns from sosendoob()

2017-07-15 14:28:25 +02:00

socket.h

slirp: VMStatify socket level

2017-04-29 18:44:16 +02:00

tcp_input.c

slirp: Fix wrong mss bug.

2017-05-27 23:34:47 +02:00

tcp_output.c

slirp, disas: Replace min/max with MIN/MAX macros

2016-12-20 23:55:19 +01:00

tcp_subr.c

Fix total IP header length in forwarded TCP packets

2017-05-27 23:35:00 +02:00

tcp_timer.c

slirp, disas: Replace min/max with MIN/MAX macros

2016-12-20 23:55:19 +01:00

tcp_timer.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

tcp_var.h

slirp: VMState conversion; tcpcb

2017-04-29 18:44:16 +02:00

tcp.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00

tcpip.h

slirp, disas: Replace min/max with MIN/MAX macros

2016-12-20 23:55:19 +01:00

tftp.c

slirp: tftp, copy sockaddr_size

2017-04-29 18:29:58 +02:00

tftp.h

slirp: support dynamic block size for TFTP transfers

2016-12-21 00:02:15 +01:00

udp6.c

slirp: Add support for stateless DHCPv6

2016-07-03 23:59:42 +02:00

udp.c

slirp: Check qemu_socket() return value in udp_listen()

2017-02-26 15:38:38 +01:00

udp.h

Clean up ill-advised or unusual header guards

2016-07-12 16:20:46 +02:00