libalias: fix potential memory disclosure from ftp module
admbugs: 956 Submitted by: markj Reported by: Vishnu Dev TJ working with Trend Micro Zero Day Initiative Security: FreeBSD-SA-20:13.libalias Security: CVE-2020-7455 Security: ZDI-CAN-10849
This commit is contained in:
parent
6461c83e09
commit
46701f31be
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=360968
@ -754,7 +754,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
|
||||
{
|
||||
u_short new_len;
|
||||
|
||||
new_len = htons(hlen + slen);
|
||||
new_len = htons(hlen +
|
||||
MIN(slen, maxpacketsize - hlen));
|
||||
DifferentialChecksum(&pip->ip_sum,
|
||||
&new_len,
|
||||
&pip->ip_len,
|
||||
|
Loading…
Reference in New Issue
Block a user