Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Normally all requests sent via the meta connections are checked so that they cannot be larger than the input buffer. However, when packets are forwarded via meta connections, they are copied into a packet buffer without checking whether it fits into it. Since the packet buffer is allocated on the stack, this in effect allows an authenticated remote node to cause a stack overflow. This issue was found by Martin Schobert.
This commit is contained in:
Guus Sliepen
parent
9e2ae03d1d
commit
258bf7ea0f
4 changed files with 18 additions and 0 deletions
|
|
@ -52,6 +52,7 @@ char *proxyuser;
|
|||
char *proxypass;
|
||||
proxytype_t proxytype;
|
||||
int autoconnect;
|
||||
bool disablebuggypeers;
|
||||
|
||||
char *scriptinterpreter;
|
||||
char *scriptextension;
|
||||
|
|
@ -598,6 +599,8 @@ bool setup_myself_reloadable(void) {
|
|||
|
||||
get_config_int(lookup_config(config_tree, "AutoConnect"), &autoconnect);
|
||||
|
||||
get_config_bool(lookup_config(config_tree, "DisableBuggyPeers"), &disablebuggypeers);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue