Date: Wed, 18 May 2016 17:26:12 -0700 (PDT) From: Don Lewis <truckman@FreeBSD.org> To: cem@FreeBSD.org Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r300174 - head/sbin/dhclient Message-ID: <201605190026.u4J0QCD2080759@gw.catspoiler.org> In-Reply-To: <201605182341.u4INftgv078403@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18 May, Conrad E. Meyer wrote: > Author: cem > Date: Wed May 18 23:41:55 2016 > New Revision: 300174 > URL: https://svnweb.freebsd.org/changeset/base/300174 > > Log: > dhclient: Fix the trivial buffer overruns correctly > > A DHCP client identifier is simply the hardware type (one byte) concatenated > with the hardware address (some variable number of bytes, but at most 16). > Limit the size of the temporary buffer to match and the rest of the > calculations shake out correctly. > > This is a follow-up to the incorrect r299512, reverted in r300172. > > CIDs: 1008682, 1305550 > Sponsored by: EMC / Isilon Storage Division > > Modified: > head/sbin/dhclient/dhclient.c > > Modified: head/sbin/dhclient/dhclient.c > ============================================================================== > --- head/sbin/dhclient/dhclient.c Wed May 18 23:39:31 2016 (r300173) > +++ head/sbin/dhclient/dhclient.c Wed May 18 23:41:55 2016 (r300174) > @@ -1570,7 +1570,7 @@ make_discover(struct interface_info *ip, > } > > /* set unique client identifier */ > - char client_ident[sizeof(struct hardware)]; > + char client_ident[sizeof(ip->hw_address.haddr) + 1]; > if (!options[DHO_DHCP_CLIENT_IDENTIFIER]) { > int hwlen = (ip->hw_address.hlen < sizeof(client_ident)-1) ? > ip->hw_address.hlen : sizeof(client_ident)-1; > That might work as well.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605190026.u4J0QCD2080759>