author | Jakub Janeczko | 2020-07-29 21:04:34 +0200 |
---|---|---|
committer | Jakub Janeczko | 2020-07-29 21:15:02 +0200 |
commit | ad397c2832e9f389b38016b38a90ebb66502cf47 (patch) | |
tree | ca5a65fbc129a696713aa9e0e26129725656625a /CVE-2015-3310.patch | |
download | aur-ppp-eap-mschapv2.tar.gz |
Initial commit
Diffstat (limited to 'CVE-2015-3310.patch')
-rw-r--r-- | CVE-2015-3310.patch | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/CVE-2015-3310.patch b/CVE-2015-3310.patch
new file mode 100644
index 000000000000..c8cebe3d63db
--- /dev/null
+++ b/CVE-2015-3310.patch
@@ -0,0 +1,18 @@
+Fix buffer overflow in rc_mksid()
+
+rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
+If the process id is bigger than 65535 (FFFF), its hex representation will be
+longer than 4 characters, resulting in a buffer overflow.
+
+The bug can be exploited to cause a remote DoS.
+--- ppp-2.4.7/pppd/plugins/radius/util.c
++++ ppp-2.4.7/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+ static unsigned short int cnt = 0;
+ sprintf (buf, "%08lX%04X%02hX",
+ (unsigned long int) time (NULL),
+- (unsigned int) getpid (),
++ (unsigned int) getpid () & 0xFFFF,
+ cnt & 0xFF);
+ cnt++;
+ return buf; |
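Review bot: The `sprintf` call in the embedded util.c hunk is still unbounded after this fix. Masking the PID with `& 0xFFFF` caps the `%04X` field at four digits, but `%08lX` is also only a minimum width, so where `unsigned long` is 64 bits a `time()` value above 0xFFFFFFFF would print more than eight digits. The declaration of `buf` lies outside the hunk, so its size cannot be confirmed here; if it is a fixed-size array, `snprintf (buf, sizeof buf, "%08lX%04X%02hX", ...)` would bound the write whatever the field values are. The mask also makes PIDs that differ by a multiple of 65536 produce the same middle field, which deserves a short comment such as `/* PID truncated to 16 bits to fit %04X; the id is only pseudo-unique */` next to the call.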