iptables: patch CVE-2019-11360 (security fix)
[openwrt/staging/981213.git] / package / network / utils / iptables / patches / 900-fix-cve-2019-11360.patch
diff --git a/package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch b/package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch
new file mode 100644 (file)
index 0000000..10d8c31
--- /dev/null
@@ -0,0 +1,13 @@
+--- a/iptables/iptables-restore.c
++++ b/iptables/iptables-restore.c
+@@ -129,6 +129,10 @@ static void add_param_to_argv(char *pars
+        * longer a real hacker, but I can live with that */
+       for (curchar = parsestart; *curchar; curchar++) {
++              if (param_len >= sizeof(param_buffer))
++                      xtables_error(PARAMETER_PROBLEM,
++                      "Parameter too long!");
++
+               if (quote_open) {
+                       if (escaped) {
+                               param_buffer[param_len++] = *curchar;
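Review bot: The added check in add_param_to_argv runs only at the top of each loop iteration, so after the final copy `param_len` can still equal `sizeof(param_buffer)`. The loop body continues outside this hunk, so please confirm that no later use of `param_buffer[param_len]`, such as a `'\0'` terminator written after the loop exits, can run without passing through this check first. A short comment above the check would record the invariant, for example `/* every param_buffer[param_len++] below relies on this bound */`. The embedded patch also starts directly at `--- a/iptables/iptables-restore.c` with no header, so nothing in the file lets a later reader compare the backport against its origin. I would add a header with a one-line description of the overflow being fixed and the upstream reference, e.g. `Upstream: <UPSTREAM_COMMIT_ID>` (placeholder; the id is not on this page).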