mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-02-01 17:00:36 +00:00
Code Issues Releases Activity

bootpd: validate hardware type

Browse Source 
Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.

admbugs:	850
Reported by:	Reno Robert
Reviewed by:	markj
Approved by:	so
Security:	FreeBSD-SA-18:15.bootpd
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Ed Maste 2018-12-19 18:16:29 +00:00
parent 53941c0a73
commit 1e13299fd8
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=342227
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libexec/bootpd/bootpd.c
View File

@ -636,6 +636,10 @@ handle_request()
char *homedir, *bootfile;
int n;
if (bp->bp_htype >= hwinfocnt) {
report(LOG_NOTICE, "bad hw addr type %u", bp->bp_htype);
return;
}
bp->bp_file[sizeof(bp->bp_file)-1] = '\0';
/* XXX - SLIP init: Set bp_ciaddr = recv_addr here? */