iptables: patch CVE-2019-11360 (security fix)

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
openwrt-18.06
Jan Pavlinec 2019-08-15 12:51:52 +02:00 committed by Hauke Mehrtens
parent 5e3b21c916
commit 564d81e944
2 changed files with 14 additions and 1 deletions

View File

@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
PKG_VERSION:=1.6.2
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://git.netfilter.org/iptables

View File

@ -0,0 +1,13 @@
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -129,6 +129,10 @@ static void add_param_to_argv(char *pars
* longer a real hacker, but I can live with that */
for (curchar = parsestart; *curchar; curchar++) {
+ if (param_len >= sizeof(param_buffer))
+ xtables_error(PARAMETER_PROBLEM,
+ "Parameter too long!");
+
if (quote_open) {
if (escaped) {
param_buffer[param_len++] = *curchar;