![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
| author | Pavel Rochnyack <pavel2000@ngs.ru> | |
| Mon, 3 Apr 2017 05:57:09 +0000 (11:57 +0600) | ||
| committer | Florian Forster <octo@collectd.org> | |
| Tue, 4 Apr 2017 08:48:18 +0000 (10:48 +0200) | ||
| commit | f6be4f9b49b949b379326c3d7002476e6ce4f211 | |
| tree | 6c4f4627fbab92a972843d4506ee388a6eeee404 | tree | snapshot |
| parent | 294aa61f5e961b9a9bec1e27e810a10142017db8 | commit | diff |
network plugin: Fix endless loop DOS in parse_packet()
When correct 'Signature part' is received by Collectd, configured without
AuthFile option, condition for endless loop occurs due to missing increase
of pointer to next unprocessed part.
This is a forward-port of #2233.
Fixes: CVE-2017-7401
Closes: #2174
Signed-off-by: Florian Forster <octo@collectd.org>
When correct 'Signature part' is received by Collectd, configured without
AuthFile option, condition for endless loop occurs due to missing increase
of pointer to next unprocessed part.
This is a forward-port of #2233.
Fixes: CVE-2017-7401
Closes: #2174
Signed-off-by: Florian Forster <octo@collectd.org>
| src/network.c | diff | blob | history |