ALT Linux repositories
S: | 9.4.0-alt2 |
D: | 4.0.0-alt0.1.rc4 |
5.0: | 4.0.13-alt2 |
4.1: | 3.0.17-alt4 |
4.0: | 3.0.17-alt2.M40.1 |
3.0: | 1.3.22pl4-alt3 |
+backports: | 3.0.17-alt3.M30 |
Group :: System/Servers
RPM: dhcpcd
Patch: DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
From 4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8 Mon Sep 17 00:00:00 2001
From: Roy Marples <roy@marples.name>
Date: Fri, 19 Apr 2019 21:00:19 +0100
Subject: [PATCH] DHCP: Fix a potential 1 byte read overflow with
DHO_OPTSOVERLOADED
This fix basically moves the option length check up and also
corrects an off by one error with it.
Thanks to Maxime Villard <max@m00nbsd.net>
---
src/dhcp.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/dhcp.c b/src/dhcp.c
index f7cdefc9..e13d1b4b 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -215,6 +215,12 @@ get_option(struct dhcpcd_ctx *ctx,
}
l = *p++;
+ /* Check we can read the option data, if present */
+ if (p + l > e) {
+ errno = EINVAL;
+ return NULL;
+ }
+
if (o == DHO_OPTSOVERLOADED) {
/* Ensure we only get this option once by setting
* the last bit as well as the value.
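Review bot: The new bounds check `if (p + l > e)` compares by pointer addition, which forms a pointer beyond the end of the buffer whenever the packet-supplied length `l` is too large; comparing lengths instead, for example `if (l > (size_t)(e - p))`, expresses the same test without out-of-range pointer arithmetic. The comment says "if present", so `l == 0` with `p == e` passes this check; it is worth confirming that the `DHO_OPTSOVERLOADED` branch right below only dereferences `p` when `l` is at least 1, and that the `l = *p++` read above is itself preceded by a `p < e` test, since neither is visible in this hunk.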
@@ -249,10 +255,6 @@ get_option(struct dhcpcd_ctx *ctx,
bp += ol;
}
ol = l;
- if (p + ol >= e) {
- errno = EINVAL;
- return NULL;
- }
op = p;
bl += ol;
}
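Review bot: Removing `if (p + ol >= e)` here changes the boundary behaviour (an option whose data ends exactly at `e` was rejected by `>=` and is accepted by the `>` test added in the earlier hunk), but the diffstat shows only src/dhcp.c changing, so nothing pins that boundary down. A regression test with one option ending exactly at the end of the buffer and one running a byte past it would document the off-by-one and keep the check from drifting back. A short comment at `ol = l;` noting that `l` has already been validated against `e` would also help readers who no longer see a check next to `op = p;`.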
--
2.21.0