mirror of https://git.FreeBSD.org/src.git synced 2025-02-04 17:15:50 +00:00

dhclient: Fix the trivial buffer overruns correctly

A DHCP client identifier is simply the hardware type (one byte) concatenated
with the hardware address (some variable number of bytes, but at most 16).
Limit the size of the temporary buffer to match and the rest of the
calculations shake out correctly.

This is a follow-up to the incorrect r299512, reverted in r300172.

CIDs:		1008682, 1305550
Sponsored by:	EMC / Isilon Storage Division
Conrad Meyer 2016-05-18 23:41:55 +00:00
parent 14131c0ba4
commit fb0eab090e
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=300174


@ -1570,7 +1570,7 @@ make_discover(struct interface_info *ip, struct client_lease *lease)
}
/* set unique client identifier */
char client_ident[sizeof(struct hardware)];
char client_ident[sizeof(ip->hw_address.haddr) + 1];
if (!options[DHO_DHCP_CLIENT_IDENTIFIER]) {
int hwlen = (ip->hw_address.hlen < sizeof(client_ident)-1) ?
ip->hw_address.hlen : sizeof(client_ident)-1;
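Review bot: The clamp on `hwlen` silently truncates, and with the new declaration `sizeof(client_ident)-1` equals `sizeof(ip->hw_address.haddr)`, so the truncating branch can only be taken when `ip->hw_address.hlen` is larger than the array it describes. That case looks like a bad length rather than something to shorten quietly; consider logging it or refusing to build the identifier instead of sending a truncated one. Two smaller points in the same lines: the `+ 1` in `char client_ident[sizeof(ip->hw_address.haddr) + 1];` is explained only in the commit message (the one-byte hardware type), so a short comment at the declaration would keep the sizing from being "fixed" incorrectly again, and `int hwlen` receives a value derived from `sizeof`, so `size_t` would avoid the signed/unsigned mix in the comparison.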