Date: Mon, 8 Jun 2009 21:42:30 +0000 (UTC) From: Brian Somers <brian@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sbin/dhclient dhclient.c Message-ID: <200906082142.n58Lgi2l033359@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
brian 2009-06-08 21:42:30 UTC
FreeBSD src repository
Modified files:
sbin/dhclient dhclient.c
Log:
SVN rev 193765 on 2009-06-08 21:42:30Z by brian
Fix an off by one error when we limit append/prepend text sizes based on our
internal buffer sizes.
When we 'append', assume we're appending to text. Some MS dhcp servers will
give us a string with the length including the trailing NUL. when we 'append
domain-name', we get something like "search x.y\000 z" in resolv.conf :(
MFC after: 1 week
Security: A buffer overflow (by one NUL byte) was possible.
Revision Changes Path
1.26 +15 -5 src/sbin/dhclient/dhclient.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906082142.n58Lgi2l033359>