diff options
Diffstat (limited to 'meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch')
-rw-r--r-- | meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch deleted file mode 100644 index c83e6ab512..0000000000 --- a/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0fe108ecb2bbdf684f159950eaa55d22f07c4008 Mon Sep 17 00:00:00 2001 -From: Catalin Enache <catalin.enache@windriver.com> -Date: Wed, 20 Apr 2016 15:17:18 +0300 -Subject: [PATCH] pinger: Fix buffer overflow in Icmp6::Recv - -Upstream-Status: Backport -CVE: CVE-2016-3947 - -Author: Yuriy M. Kaminskiy <yumkam@gmail.com> -Committer: Amos Jeffries <squid3@treenet.co.nz -Signed-off-by: Catalin Enache <catalin.enache@windriver.com> ---- - src/icmp/Icmp6.cc | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/icmp/Icmp6.cc b/src/icmp/Icmp6.cc -index 794a51a..ee84b80 100644 ---- a/src/icmp/Icmp6.cc -+++ b/src/icmp/Icmp6.cc -@@ -256,7 +256,7 @@ Icmp6::Recv(void) - #define ip6_hops // HOPS!!! (can it be true??) - - ip = (struct ip6_hdr *) pkt; -- pkt += sizeof(ip6_hdr); -+ NP: echo size needs to +sizeof(ip6_hdr); - - debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt << - ", ip6_plen=" << ip->ip6_plen << -@@ -267,7 +267,6 @@ Icmp6::Recv(void) - */ - - icmp6header = (struct icmp6_hdr *) pkt; -- pkt += sizeof(icmp6_hdr); - - if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) { - -@@ -292,7 +291,7 @@ Icmp6::Recv(void) - return; - } - -- echo = (icmpEchoData *) pkt; -+ echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr)); - - preply.opcode = echo->opcode; - --- -2.7.4 - |