author | Jan Pavlinec <jan.pavlinec@nic.cz> | 2019-08-15 12:51:52 +0200 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-08-17 17:23:17 +0200 |
commit | 564d81e944b85f16afbe0b52741ce99cf4f3c50c (patch) | |
tree | 601b4806ab6d2f2e861e1aede81e8e90463b91bc | |
parent | 5e3b21c91647f72e73a550f3059fa7ea8146759f (diff) | |
iptables: patch CVE-2019-11360 (security fix)
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
-rw-r--r-- | package/network/utils/iptables/Makefile | 2 | ||||
-rw-r--r-- | package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch | 13 |
2 files changed, 14 insertions, 1 deletions
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 9c7179c51d..ac3712b498 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=iptables
 PKG_VERSION:=1.6.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://git.netfilter.org/iptables
diff --git a/package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch b/package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch
new file mode 100644
index 0000000000..10d8c31ee9
--- /dev/null
+++ b/package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch
@@ -0,0 +1,13 @@
+--- a/iptables/iptables-restore.c
++++ b/iptables/iptables-restore.c
+@@ -129,6 +129,10 @@ static void add_param_to_argv(char *pars
+ * longer a real hacker, but I can live with that */
+
+ for (curchar = parsestart; *curchar; curchar++) {
++ if (param_len >= sizeof(param_buffer))
++ xtables_error(PARAMETER_PROBLEM,
++ "Parameter too long!");
++
+ if (quote_open) {
+ if (escaped) {
+ param_buffer[param_len++] = *curchar; |
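Review bot: The new 900-fix-cve-2019-11360.patch begins directly at `--- a/iptables/iptables-restore.c` with no description header, so the file itself does not record which upstream iptables change it backports or which buffer it protects. A short header such as `Backport of upstream commit <UPSTREAM_COMMIT_ID>: bound param_len against sizeof(param_buffer) in add_param_to_argv() (CVE-2019-11360)` would let a later maintainer audit the backport and know when the patch can be dropped. Separately, the added guard runs once at the top of each loop iteration, so it keeps the visible `param_buffer[param_len++] = *curchar;` in bounds only if no path in the loop stores more than one byte per iteration, any terminator write included. The rest of add_param_to_argv() lies outside the hunk, so that invariant should be confirmed against the full function and stated in a comment next to the check, e.g. `/* checked before any store: each iteration writes at most one byte */`.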