openkylin
/
ppp
mirror of https://gitee.com/openkylin/ppp.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

[PATCH] pppd: Fix bounds check in EAP code 

Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname).  This fixes the check so we
actually avoid overflowing the rhostname array.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

Gbp-Pq: Name CVE-2020-8597.patch
This commit is contained in:
Paul Mackerras 2020-02-03 15:53:28 +11:00 committed by openKylinBot
parent 6437c3873b
commit beb718d338
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pppd/eap.c
View File

@ -1661,7 +1661,7 @@ int len;
}
/* Not so likely to happen. */
if (vallen >= len + sizeof (rhostname)) {
if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';
@ -2251,7 +2251,7 @@ int len;
}
/* Not so likely to happen. */
if (vallen >= len + sizeof (rhostname)) {
if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';