aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Pavlinec <jan.pavlinec@nic.cz>2019-08-15 12:51:52 +0200
committerHauke Mehrtens <hauke@hauke-m.de>2019-08-17 17:23:17 +0200
commit564d81e944b85f16afbe0b52741ce99cf4f3c50c (patch)
tree601b4806ab6d2f2e861e1aede81e8e90463b91bc
parent5e3b21c91647f72e73a550f3059fa7ea8146759f (diff)
downloadupstream-564d81e944b85f16afbe0b52741ce99cf4f3c50c.tar.gz
upstream-564d81e944b85f16afbe0b52741ce99cf4f3c50c.tar.bz2
upstream-564d81e944b85f16afbe0b52741ce99cf4f3c50c.zip
iptables: patch CVE-2019-11360 (security fix)
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
-rw-r--r--package/network/utils/iptables/Makefile2
-rw-r--r--package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch13
2 files changed, 14 insertions, 1 deletions
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 9c7179c51d..ac3712b498 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
PKG_VERSION:=1.6.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://git.netfilter.org/iptables
diff --git a/package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch b/package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch
new file mode 100644
index 0000000000..10d8c31ee9
--- /dev/null
+++ b/package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch
@@ -0,0 +1,13 @@
+--- a/iptables/iptables-restore.c
++++ b/iptables/iptables-restore.c
+@@ -129,6 +129,10 @@ static void add_param_to_argv(char *pars
+ * longer a real hacker, but I can live with that */
+
+ for (curchar = parsestart; *curchar; curchar++) {
++ if (param_len >= sizeof(param_buffer))
++ xtables_error(PARAMETER_PROBLEM,
++ "Parameter too long!");
++
+ if (quote_open) {
+ if (escaped) {
+ param_buffer[param_len++] = *curchar;