haraldwolff
/
qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/slirp
History
Michael Roth 9efdbc0224 slrip: ip_reass: Fix use after free 
Using ip_deq after m_free might read pointers from an allocation reuse.

This would be difficult to exploit, but that is still related with
CVE-2019-14378 which generates fragmented IP packets that would trigger this
issue and at least produce a DoS.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(from libslirp.git commit c59279437eda91841b9d26079c70b8a540d41204)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 		2019-10-01 17:00:56 -05:00
..
COPYRIGHT Remove the advertising clause from the slirp license 2009-01-26 19:37:41 +00:00
Makefile.objs slirp: add a fake NC-SI backend 2017-04-25 19:17:25 +08:00
arp_table.c slirp/debug: Print IP addresses in human readable form 2018-05-31 21:19:24 +02:00
bootp.c slirp: Implement RFC2132 TFTP server name 2018-10-21 21:24:55 +02:00
bootp.h slirp: Implement RFC2132 TFTP server name 2018-10-21 21:24:55 +02:00
cksum.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
debug.h slirp: Cleanup and basic reanimation of debug code 2009-06-29 08:52:46 -05:00
dhcpv6.c slirp, disas: Replace min/max with MIN/MAX macros 2016-12-20 23:55:19 +01:00
dhcpv6.h slirp: add in6_dhcp_multicast() 2018-01-14 18:16:13 +01:00
dnssearch.c slirp: Use DIV_ROUND_UP 2016-06-07 18:19:25 +03:00
if.c slirp: Add a special case for the NULL socket 2017-09-24 20:04:09 +02:00
if.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
ip.h slirp: removed unused code 2018-01-14 18:16:13 +01:00
ip6.h slirp: use DIV_ROUND_UP 2017-07-15 14:28:25 +02:00
ip6_icmp.c qemu-timer: avoid checkpoints for virtual clock timers in external subsystems 2018-10-19 13:44:03 +02:00
ip6_icmp.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
ip6_input.c slirp: Allow disabling IPv4 or IPv6 2016-04-01 17:51:55 +02:00
ip6_output.c slirp: Adding IPv6, ICMPv6 Echo and NDP autoconfiguration 2016-03-15 10:35:00 +01:00
ip_icmp.c slirp: Remove code that handles socreate() failure 2018-11-10 15:07:53 +01:00
ip_icmp.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
ip_input.c slrip: ip_reass: Fix use after free 2019-10-01 17:00:56 -05:00
ip_output.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
libslirp.h slirp: Implement RFC2132 TFTP server name 2018-10-21 21:24:55 +02:00
main.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
mbuf.c slirp: document mbuf pointers and sizes 2018-10-07 19:40:30 +02:00
mbuf.h slirp: document mbuf pointers and sizes 2018-10-07 19:40:30 +02:00
misc.c slirp: fork_exec(): create and connect child socket before fork() 2018-11-10 15:07:53 +01:00
misc.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
ncsi-pkt.h slirp: add a fake NC-SI backend 2017-04-25 19:17:25 +08:00
ncsi.c slirp/ncsi: add checksum support 2018-05-31 21:19:24 +02:00
ndp_table.c slirp: avoid IN6_IS_ADDR_UNSPECIFIED(), rather use in6_zero() 2018-01-14 18:16:13 +01:00
sbuf.c slirp: Handle error returns from sosendoob() 2017-07-15 14:28:25 +02:00
sbuf.h slirp: VMStatify sbuf 2017-04-29 18:44:16 +02:00
slirp.c slirp: Remove code that handles socreate() failure 2018-11-10 15:07:53 +01:00
slirp.h slirp: Implement RFC2132 TFTP server name 2018-10-21 21:24:55 +02:00
slirp_config.h slirp: Remove obsolete backward-compatibility cruft 2016-05-16 20:58:47 +02:00
socket.c slirp: Remove code that handles socreate() failure 2018-11-10 15:07:53 +01:00
socket.h slirp: VMStatify socket level 2017-04-29 18:44:16 +02:00
tcp.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
tcp_input.c slirp: Remove code that handles socreate() failure 2018-11-10 15:07:53 +01:00
tcp_output.c slirp, disas: Replace min/max with MIN/MAX macros 2016-12-20 23:55:19 +01:00
tcp_subr.c slirp: check data length while emulating ident function 2019-07-30 15:15:46 -05:00
tcp_timer.c slirp, disas: Replace min/max with MIN/MAX macros 2016-12-20 23:55:19 +01:00
tcp_timer.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
tcp_var.h slirp: VMState conversion; tcpcb 2017-04-29 18:44:16 +02:00
tcpip.h slirp, disas: Replace min/max with MIN/MAX macros 2016-12-20 23:55:19 +01:00
tftp.c slirp: tftp, copy sockaddr_size 2017-04-29 18:29:58 +02:00
tftp.h slirp: support dynamic block size for TFTP transfers 2016-12-21 00:02:15 +01:00
udp.c slirp: Remove code that handles socreate() failure 2018-11-10 15:07:53 +01:00
udp.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
udp6.c slirp: Remove code that handles socreate() failure 2018-11-10 15:07:53 +01:00