| commit | 282fc60ed4bbf30f0c74fe0434053b472eca356b | [log] [tgz] |
|---|---|---|
| author | Peter Korsgaard <peter@korsgaard.com> | Fri Nov 27 18:25:15 2020 +0100 |
| committer | Peter Korsgaard <peter@korsgaard.com> | Sat Nov 28 08:53:57 2020 +0100 |
| tree | bacec0b8135ddbeb4001081b706f29052996f83d | |
| parent | 7e237b79ad138dd296477c7ed631ca83f5145fc5 [diff] |
package/slirp: add upstream security fix for CVE-2020-29129 / CVE-2020-29130 While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input' routines, ensure that pkt_len is large enough to accommodate the respective protocol headers, lest it should do an OOB access. Add check to avoid it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>