Add project for OpenWRT mdnsd CVE-2020-11750 #15
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Nice job on the CVE and submission. Can you add to the PR changes to github actions (.github directory) to build this directory? |
dbrumley
reviewed
Jul 16, 2020
| # OpenWRT mdns CVE-2020-11750 | ||
|
|
||
| Three out-of-bounds access issues were found in OpenWRT's mdns. They were reported to the OpenWRT security address on April 9 2020, and a fix ([1](https://git.openwrt.org/?p=project/mdnsd.git;a=commit;h=e74a3f9883199e9db7220d52b78e5fbdb4441ca3), [2](https://git.openwrt.org/?p=project/mdnsd.git;a=commit;h=cdac0460ba50dc45735f0be2e19a5a8efc3dafe1)) was released soon after. | ||
|
|
There was a problem hiding this comment.
Please edit to line length <80 chars
Please add link to https://openwrt.org/advisory/2020-05-06-1
| We have included a proof of concept output under the `poc` | ||
| directory. | ||
|
|
||
| > Note: Fuzzing has some degree of non-determinism, so when you run |
There was a problem hiding this comment.
Copy-paste bug. Please remove.
There was a problem hiding this comment.
Remove this whole section or just the reference to Oniguruma regex?
| @@ -0,0 +1,369 @@ | |||
| /* This is a modified version of: | |||
| * https://git.openwrt.org/?p=project/mdnsd.git;a=blob_plain;f=dns.c;hb=45c4953b602962ae7ff335d9a346000f00680952 | |||
| */ | |||
There was a problem hiding this comment.
I assume this is the GPL code. Just add to the comment the code is GPL'ed. Fine to add to the repo; there isn't any intellectual property here in the stand-alone binary created we'd be worried about.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TODO: Uses modified code from OpenWRT (GPLv2) and musl libc (MIT). Please suggest if I should include the licenses, annotate the source file, ...