Date:      Thu, 15 Apr 2021 19:11:53 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 255098] dhclient dns-label compression bug
Message-ID:  <bug-255098-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255098

            Bug ID: 255098
           Summary: dhclient dns-label compression bug
           Product: Base System
           Version: 12.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: paul@redbarn.org

Created attachment 224142
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=224142&action=edit
patch to fix a decompression bug long since fixed upstream

there is a bug in the dns-label decompression logic here, discovered by
auditing the code at mark andrews' behest, after reading the forescout report
which unfairly maligned freebsd as having a vulnerability in its "stack".

this code is a copy of something in libresolv, and this bug was fixed long ago
in libresolv, and in ISC DHCP, but not in the freebsd (by way of openbsd)
version. therefore, see attached patch.

0xC0 is 0b11000000. the "11" indicates a 14-bit compression pointer (offset
from the start of the message). other patterns are "01" and "10" which have
sometimes been defined but are currently reserved.

only where the pattern is "11" should the 14-bit compression pointer be used.

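The rule stated in the report, as an added example (it is not the attached patch and not dhclient or libresolv code): a minimal name expander that follows a compression pointer only when the top two bits of the length octet are "11" and rejects the reserved "01" and "10" patterns. The function name expand_name, the sample message and the 16-hop cap on pointer chains are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: "example.org" at offset 0, then "www" + pointer to 0. */
static const uint8_t sample[] = {
    7,'e','x','a','m','p','l','e', 3,'o','r','g', 0,   /* offsets 0..12  */
    3,'w','w','w', 0xC0, 0x00                           /* offsets 13..18 */
};

/* Expand the name at msg[off] into dotted text; returns its length or -1. */
int expand_name(const uint8_t *msg, size_t msglen, size_t off,
                char *out, size_t outlen)
{
    size_t n = 0;
    int hops = 0;                       /* assumed cap to stop pointer loops */
    if (outlen == 0) return -1;
    while (off < msglen) {
        uint8_t b = msg[off];
        switch (b & 0xC0) {
        case 0xC0:                      /* "11": 14-bit compression pointer */
            if (off + 1 >= msglen || ++hops > 16) return -1;
            off = ((size_t)(b & 0x3F) << 8) | msg[off + 1];
            break;
        case 0x00:                      /* "00": plain label, b is its length */
            if (b == 0) {               /* root label ends the name */
                out[n] = '\0';
                return (int)n;
            }
            if (off + 1 + b > msglen || n + b + 2 > outlen) return -1;
            if (n > 0) out[n++] = '.';
            memcpy(out + n, msg + off + 1, b);
            n += b;
            off += 1 + (size_t)b;
            break;
        default:                        /* "01"/"10": reserved, never a pointer */
            return -1;
        }
    }
    return -1;                          /* ran off the end of the message */
}

int main(void)
{
    char name[256];
    int len = expand_name(sample, sizeof sample, 13, name, sizeof name);
    printf("%d %s\n", len, len < 0 ? "(malformed)" : name);
    return 0;
}
```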