From nobody Mon Nov 14 15:48:04 2022
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N9txc3ldGz4hQJC;
	Mon, 14 Nov 2022 15:48:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4N9txc3FwGz42QG;
	Mon, 14 Nov 2022 15:48:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1668440884;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=LwEyIzH20B5opVAxGK5eKp0e5uzzQ+0FWx7knjL1n1E=;
	b=UNd0aLIaajUOwdzdOUC3Axb71OuJvUG+sExcQqgBl/Jop5Oa5vH0Bu+2awo3wWthEva2ZO
	aCndhqgsoy7SM2j57w/h7H+jtn0x0ShiTaefcDDVRPErmcA31VUTr1wqQqdaDFH/W0DHCR
	VNT4IyJyl10y964amwTov5hzTts637YPogwAQsmHVMQ7MoCZVKV3cn/vhGxiqW3g685nn/
	YM16HopD+EaDIrcwbunn/9f36/zvnNQfA45/aJ2RzewaCqMkxGv9HUlNarBUvhp9Uij3rC
	pTP7h2C8wnZQ3phx221jhHOrNk8nCt/STwxvHihL3FvnC6gmENHIrwzLiz3Smg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1668440884;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=LwEyIzH20B5opVAxGK5eKp0e5uzzQ+0FWx7knjL1n1E=;
	b=J4dHxzjpvspXJm01T9M6QdEfmKRuslmO8+udtLsExeqpbR6j0t00jmluF//Fjg6uVRBTK7
	lb1sT+6ji2ASEtVaRvtcX40WD7Fnhit37xcb5WbM4afGYdBn1VQi4KpnZ2at9cgTuicL9m
	vRVAG5z71Gfh8ZCLfm9TKcrA8jGb2Id0q3QmgckmNjEQfhP1ZMTV5DKc+E2ePBj1slP8NO
	Whidz/vp/nhHaX5WEzEXS9B8cTqdLGQRvQPeL4PnEx/Qt1oIOJT5A/K/MD/Y4mzPJcy5kc
	lD8YtmLlYqxXXE3xb/mLrWIYoS8H4mQHFrsfMtaitjTauAGx/KffogSk9s57Kw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1668440884; a=rsa-sha256; cv=none;
	b=FpAY/26mOc21AuH4dOJ89pS5AEMf7xc7vJ5w6rMME5Xk4oE/nsGeSn3vHij4mpI8p90q4R
	3lNcYHgQ+LJB1xUPzHrSxV/OuP90YKhOpKR+fobNgpPqBPytgZJJKJmClpNC5fPpZnzOe1
	OOE2yaL3CLKqqM/eGv8vsWGgnE2j2naryv2gFJlNUnXZPJsVg49z+5EWSnk4+N3RQ3oO6Q
	5tYEXbuxrPs5N6CpxJscvRZ6Xv98ZXtDup2mkBEG0kWnzDTbg1bOwHZBvFoB4bPlS279MD
	J7YdOZQC03s0JeBaPK2hjDpSHwfhEqGwh8Dfv6d3Zs9+cOnXmcxYO5mgF4YG+A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N9txc2JZ7znNC;
	Mon, 14 Nov 2022 15:48:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2AEFm4Yj011443;
	Mon, 14 Nov 2022 15:48:04 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2AEFm4s0011442;
	Mon, 14 Nov 2022 15:48:04 GMT
	(envelope-from git)
Date: Mon, 14 Nov 2022 15:48:04 GMT
Message-Id: <202211141548.2AEFm4s0011442@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Hans Petter Selasky <hselasky@FreeBSD.org>
Subject: git: 3492caf512ae - main - dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: hselasky
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 3492caf512ae090816b4ffa275be43b2f5cfc460
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by hselasky:

URL: https://cgit.FreeBSD.org/src/commit/?id=3492caf512ae090816b4ffa275be43b2f5cfc460

commit 3492caf512ae090816b4ffa275be43b2f5cfc460
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-11-14 14:20:09 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-11-14 15:47:21 +0000

    dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.
    
    Else out-of-bound reads and undefined behaviour may happen.
    The current code only checked for the presence of the first of four bytes.
    Make sure the fields in question have the minium size required.
    
    No functional change intended.
    
    Reviewed by:    rrs@
    MFC after:      1 week
    Sponsored by:   NVIDIA Networking
---
 sbin/dhclient/dhclient.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index a1628f0ee22f..da9a567fad04 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -798,7 +798,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->expiry = getULong(
 		    ip->client->config->defaults[DHO_DHCP_LEASE_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].data)
+        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].len >= 4)
 		ip->client->new->expiry = getULong(
 		    ip->client->new->options[DHO_DHCP_LEASE_TIME].data);
 	else
@@ -821,7 +821,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->renewal = getULong(
 		    ip->client->config->defaults[DHO_DHCP_RENEWAL_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len >= 4)
 		ip->client->new->renewal = getULong(
 		    ip->client->new->options[DHO_DHCP_RENEWAL_TIME].data);
 	else
@@ -835,7 +835,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->rebind = getULong(
 		    ip->client->config->defaults[DHO_DHCP_REBINDING_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len >= 4)
 		ip->client->new->rebind = getULong(
 		    ip->client->new->options[DHO_DHCP_REBINDING_TIME].data);
 	else