svn commit: r300174 - head/sbin/dhclient
Don Lewis
truckman at FreeBSD.org
Thu May 19 00:26:22 UTC 2016
On 18 May, Conrad E. Meyer wrote:
> Author: cem
> Date: Wed May 18 23:41:55 2016
> New Revision: 300174
> URL: https://svnweb.freebsd.org/changeset/base/300174
>
> Log:
> dhclient: Fix the trivial buffer overruns correctly
>
> A DHCP client identifier is simply the hardware type (one byte) concatenated
> with the hardware address (some variable number of bytes, but at most 16).
> Limit the size of the temporary buffer to match and the rest of the
> calculations shake out correctly.
>
> This is a follow-up to the incorrect r299512, reverted in r300172.
>
> CIDs: 1008682, 1305550
> Sponsored by: EMC / Isilon Storage Division
>
> Modified:
> head/sbin/dhclient/dhclient.c
>
> Modified: head/sbin/dhclient/dhclient.c
> ==============================================================================
> --- head/sbin/dhclient/dhclient.c Wed May 18 23:39:31 2016 (r300173)
> +++ head/sbin/dhclient/dhclient.c Wed May 18 23:41:55 2016 (r300174)
> @@ -1570,7 +1570,7 @@ make_discover(struct interface_info *ip,
> }
>
> /* set unique client identifier */
> - char client_ident[sizeof(struct hardware)];
> + char client_ident[sizeof(ip->hw_address.haddr) + 1];
> if (!options[DHO_DHCP_CLIENT_IDENTIFIER]) {
> int hwlen = (ip->hw_address.hlen < sizeof(client_ident)-1) ?
> ip->hw_address.hlen : sizeof(client_ident)-1;
>
That might work as well.
More information about the svn-src-head
mailing list