Date: Wed, 26 Jun 2019 20:19:48 +0000 (UTC) From: Mark Johnston <markj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r349439 - head/sbin/dhclient Message-ID: <201906262019.x5QKJmfJ068404@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: markj Date: Wed Jun 26 20:19:48 2019 New Revision: 349439 URL: https://svnweb.freebsd.org/changeset/base/349439 Log: Free DHCP options with length zero. Otherwise they are leaked, allowing an attacker to trigger memory exhaustion. This is options.c rev. 1.70 from OpenBSD. admbugs: 552 Obtained from: OpenBSD MFC after: 3 days Modified: head/sbin/dhclient/options.c Modified: head/sbin/dhclient/options.c ============================================================================== --- head/sbin/dhclient/options.c Wed Jun 26 20:11:52 2019 (r349438) +++ head/sbin/dhclient/options.c Wed Jun 26 20:19:48 2019 (r349439) @@ -896,6 +896,5 @@ do_packet(struct interface_info *interface, struct dhc /* Free the data associated with the options. */ for (i = 0; i < 256; i++) - if (tp.options[i].len && tp.options[i].data) - free(tp.options[i].data); + free(tp.options[i].data); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906262019.x5QKJmfJ068404>