ip_reass: Fix use after free (!12) · Merge requests · slirp / libslirp

Samuel Thibault requested to merge sthibaul/libslirp:reass2 into master Aug 25, 2019

Using ip_deq after m_free might read pointers from an allocation reuse.

This would be difficult to exploit, but that is still related with CVE-2019-14378 which generates fragmented IP packets that would trigger this issue and at least produce a DoS.

Signed-off-by: Samuel Thibault samuel.thibault@ens-lyon.org

Admin message

ip_reass: Fix use after free

Merge request reports