Date:      Wed, 18 May 2016 23:41:55 +0000 (UTC)
From:      "Conrad E. Meyer" <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r300174 - head/sbin/dhclient
Message-ID:  <201605182341.u4INftgv078403@repo.freebsd.org>

Author: cem
Date: Wed May 18 23:41:55 2016
New Revision: 300174
URL: https://svnweb.freebsd.org/changeset/base/300174

Log:
  dhclient: Fix the trivial buffer overruns correctly
  
  A DHCP client identifier is simply the hardware type (one byte) concatenated
  with the hardware address (some variable number of bytes, but at most 16).
  Limit the size of the temporary buffer to match and the rest of the
  calculations shake out correctly.
  
  This is a follow-up to the incorrect r299512, reverted in r300172.
  
  CIDs:		1008682, 1305550
  Sponsored by:	EMC / Isilon Storage Division

Modified:
  head/sbin/dhclient/dhclient.c

Modified: head/sbin/dhclient/dhclient.c
==============================================================================
--- head/sbin/dhclient/dhclient.c	Wed May 18 23:39:31 2016	(r300173)
+++ head/sbin/dhclient/dhclient.c	Wed May 18 23:41:55 2016	(r300174)
@@ -1570,7 +1570,7 @@ make_discover(struct interface_info *ip,
 	}
 
 	/* set unique client identifier */
-	char client_ident[sizeof(struct hardware)];
+	char client_ident[sizeof(ip->hw_address.haddr) + 1];
 	if (!options[DHO_DHCP_CLIENT_IDENTIFIER]) {
 		int hwlen = (ip->hw_address.hlen < sizeof(client_ident)-1) ?
 				ip->hw_address.hlen : sizeof(client_ident)-1;
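Review bot: The "+ 1" in the new client_ident declaration is a bare magic number; only the commit log says it is the one-byte hardware type that goes in front of the hardware address. A short comment on that line, or a named constant for the type byte, would keep the size tied to its meaning and make it harder for a later edit to drop or change it. With the new size, sizeof(client_ident)-1 in the hwlen clamp that follows is equal to sizeof(ip->hw_address.haddr), so writing the clamp against haddr directly would show that hwlen is bounded by the source array as well as by the temporary buffer.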


