commit | 9efdbc0224a0edb05e109ad8e1f127b5ac004191 | [log] [tgz] |
---|---|---|
author | Michael Roth <mdroth@linux.vnet.ibm.com> | Tue Sep 24 12:18:07 2019 -0500 |
committer | Michael Roth <mdroth@linux.vnet.ibm.com> | Tue Oct 01 17:00:56 2019 -0500 |
tree | 59bb752a81ef735516ad8e71b2b5a4edb4e20481 | |
parent | 28c1dde9aa2a22724f81134035959d1a33a57690 [diff] |
slrip: ip_reass: Fix use after free Using ip_deq after m_free might read pointers from an allocation reuse. This would be difficult to exploit, but that is still related with CVE-2019-14378 which generates fragmented IP packets that would trigger this issue and at least produce a DoS. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> (from libslirp.git commit c59279437eda91841b9d26079c70b8a540d41204) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>