git.ipfire.org Git - thirdparty/qemu.git/commit
slirp: ip_reass: Fix use after free
author Michael Roth <mdroth@linux.vnet.ibm.com>
Tue, 24 Sep 2019 17:18:07 +0000 (12:18 -0500)
committer Michael Roth <mdroth@linux.vnet.ibm.com>
Tue, 1 Oct 2019 22:00:56 +0000 (17:00 -0500)
commit 9efdbc0224a0edb05e109ad8e1f127b5ac004191
tree 59bb752a81ef735516ad8e71b2b5a4edb4e20481
parent 28c1dde9aa2a22724f81134035959d1a33a57690
slirp: ip_reass: Fix use after free

Using ip_deq after m_free might read pointers from an allocation reuse.

This would be difficult to exploit, but that is still related to
CVE-2019-14378 which generates fragmented IP packets that would trigger this
issue and at least produce a DoS.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(from libslirp.git commit c59279437eda91841b9d26079c70b8a540d41204)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
slirp/ip_input.c
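
The ordering problem the commit message describes, shown as an added C example that is not QEMU or libslirp code. The `frag` type, the static pool and every function name are hypothetical, and freeing is modelled by overwriting the buffer to stand in for an immediate allocation reuse.

```c
#include <string.h>

/* Hypothetical intrusive queue: the link pointers live inside the buffer. */
struct frag {
    struct frag *next, *prev;
    unsigned char data[32];
};

static struct frag pool[3];   /* constructed stand-in for the allocator */

/* Stand-in for free(): the memory may be handed out again at once, modelled
 * here by overwriting the whole buffer, link pointers included. */
static void frag_free(struct frag *f) { memset(f, 0xA5, sizeof *f); }

/* Insert f directly after 'after' in a circular doubly linked queue. */
static void frag_enq(struct frag *f, struct frag *after) {
    f->prev = after;
    f->next = after->next;
    after->next->prev = f;
    after->next = f;
}

/* Unlink f; this reads the pointers stored inside f itself. */
static void frag_deq(struct frag *f) {
    f->prev->next = f->next;
    f->next->prev = f->prev;
}

/* Safe order: unlink while f is still owned, release afterwards. */
static void frag_drop(struct frag *f) { frag_deq(f); frag_free(f); }

/* Build head <-> a <-> b, drop a in the safe order, check head and b join. */
static int demo_safe_order(void) {
    struct frag *head = &pool[0], *a = &pool[1], *b = &pool[2];
    head->next = head->prev = head;
    frag_enq(a, head);
    frag_enq(b, a);
    frag_drop(a);
    return head->next == b && b->prev == head && b->next == head && head->prev == b;
}

/* Release first, then compare the stored links with the originals (bytes
 * only, no dereference). 0 means a later dequeue would follow stale data. */
static int demo_free_first(void) {
    struct frag *head = &pool[0], *a = &pool[1], *n, *p;
    head->next = head->prev = head;
    frag_enq(a, head);
    n = a->next; p = a->prev;
    frag_free(a);
    return memcmp(&a->next, &n, sizeof n) == 0 && memcmp(&a->prev, &p, sizeof p) == 0;
}
```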