Date:      Mon, 21 Nov 2022 20:41:49 GMT
From:      Hans Petter Selasky <hselasky@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 56bfa62faab4 - stable/12 - dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.
Message-ID:  <202211212041.2ALKfnnJ064125@gitrepo.freebsd.org>

The branch stable/12 has been updated by hselasky:

URL: https://cgit.FreeBSD.org/src/commit/?id=56bfa62faab489e6b1f1c1fa849a0eea2667825e

commit 56bfa62faab489e6b1f1c1fa849a0eea2667825e
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-11-14 14:20:09 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-11-21 20:41:07 +0000

    dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.
    
    Else out-of-bound reads and undefined behaviour may happen.
    The current code only checked for the presence of the first of four bytes.
    Make sure the fields in question have the minimum size required.
    
    No functional change intended.
    
    Reviewed by:    rrs@
    Sponsored by:   NVIDIA Networking
    
    (cherry picked from commit 3492caf512ae090816b4ffa275be43b2f5cfc460)
---
 sbin/dhclient/dhclient.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 628490874e69..f266a4aa3761 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -798,7 +798,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->expiry = getULong(
 		    ip->client->config->defaults[DHO_DHCP_LEASE_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].data)
+        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].len >= 4)
 		ip->client->new->expiry = getULong(
 		    ip->client->new->options[DHO_DHCP_LEASE_TIME].data);
 	else
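Review bot: On the changed `else if` for DHO_DHCP_LEASE_TIME, a lease-time option of 1 to 3 bytes used to reach getULong() and now drops silently into the `else` branch, so this is a behaviour change for malformed replies even though the log message says none is intended. Consider emitting a warning when `.len` is non-zero but below 4, so a server sending a truncated option is visible to the operator instead of being handled as if the option were absent. The old test here was on `.data` while the other two hunks tested `.len`; the commit message could mention that this hunk also unifies the three checks.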
@@ -821,7 +821,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->renewal = getULong(
 		    ip->client->config->defaults[DHO_DHCP_RENEWAL_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len >= 4)
 		ip->client->new->renewal = getULong(
 		    ip->client->new->options[DHO_DHCP_RENEWAL_TIME].data);
 	else
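Review bot: The literal `4` in the new DHO_DHCP_RENEWAL_TIME check is repeated in all three hunks and is not tied to what getULong() consumes. A named constant or a `sizeof` of the 32-bit type would keep the bound and the read width together if either changes. Note also that `>= 4` accepts an over-long option and ignores the trailing bytes; if only an exact four-byte value is meant to be valid, `== 4` states that more precisely.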
@@ -835,7 +835,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->rebind = getULong(
 		    ip->client->config->defaults[DHO_DHCP_REBINDING_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len >= 4)
 		ip->client->new->rebind = getULong(
 		    ip->client->new->options[DHO_DHCP_REBINDING_TIME].data);
 	else
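Review bot: The ACTION_SUPERSEDE branch just above the changed line still passes `config->defaults[DHO_DHCP_REBINDING_TIME].data` to getULong() with no length check, and the same pattern sits above the changed line in the other two hunks. If the defaults are guaranteed to be at least four bytes by the configuration parser, a short comment saying so would help; otherwise the same `.len >= 4` guard belongs there. Minor style point: the changed `else if` line is indented with spaces while the neighbouring lines use tabs.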


