libalias: fix potential memory disclosure from ftp module

admbugs: 956 Submitted by: markj Reported by: Vishnu Dev TJ working with Trend Micro Zero Day Initiative Security: FreeBSD-SA-20:13.libalias Security: CVE-2020-7455 Security: ZDI-CAN-10849
svn path=/head/; revision=360968
2020-05-12 16:38:28 +00:00 · 2020-05-12 16:38:28 +00:00 · 46701f31be · 2020-12-20 02:59:44 +00:00
commit 46701f31be
parent 6461c83e09
1 changed files with 2 additions and 1 deletions
--- a/sys/netinet/libalias/alias_ftp.c
+++ b/sys/netinet/libalias/alias_ftp.c
@ -754,7 +754,8 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
 		{
 			u_short new_len;

-			new_len = htons(hlen + slen);
+			new_len = htons(hlen +
+			    MIN(slen, maxpacketsize - hlen));
 			DifferentialChecksum(&pip->ip_sum,
 			    &new_len,
 			    &pip->ip_len,