Date: Mon, 8 Jun 2009 21:42:30 +0000 (UTC) From: Brian Somers <brian@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sbin/dhclient dhclient.c Message-ID: <200906082142.n58Lgi2l033359@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
brian 2009-06-08 21:42:30 UTC FreeBSD src repository Modified files: sbin/dhclient dhclient.c Log: SVN rev 193765 on 2009-06-08 21:42:30Z by brian Fix an off by one error when we limit append/prepend text sizes based on our internal buffer sizes. When we 'append', assume we're appending to text. Some MS dhcp servers will give us a string with the length including the trailing NUL. when we 'append domain-name', we get something like "search x.y\000 z" in resolv.conf :( MFC after: 1 week Security: A buffer overflow (by one NUL byte) was possible. Revision Changes Path 1.26 +15 -5 src/sbin/dhclient/dhclient.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906082142.n58Lgi2l033359>