- Reworked cons_options() and store_options() to fix a buffer

overflow that could result in a DoS (CVS 2007-0062). Also general code tidying. [rt17090] - Also fixed a spurious error message on the client. [rt17250]
author: Evan Hunt <each@isc.org> 2007-10-26 22:46:50 +0000
committer: Evan Hunt <each@isc.org> 2007-10-26 22:46:50 +0000
commit: e2624b82f1121e8729b855fbb40eca082fe72eef (patch)
tree: 6a0eb7a89ca70ac3b486afdf46a2e4ad2a7f7405 /client/dhclient.c
parent: 6b911c8634bd3885dc71cb0beeae7c9b9ffa8024 (diff)
download: isc-dhcp-e2624b82f1121e8729b855fbb40eca082fe72eef.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/client/dhclient.c b/client/dhclient.c
index a0c9536d..3a74269a 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -1410,7 +1410,7 @@ struct client_lease *packet_to_lease (packet, client)
 	if (!(i & 2) && packet -> raw -> sname [0]) {
 		unsigned len;
 		/* Don't count on the NUL terminator. */
-		for (len = 0; len < 64; len++)
+		for (len = 0; len < DHCP_SNAME_LEN; len++)
 			if (!packet -> raw -> sname [len])
 				break;
 		lease -> server_name = dmalloc (len + 1, MDL);
@@ -1429,7 +1429,7 @@ struct client_lease *packet_to_lease (packet, client)
 	if (!(i & 1) && packet -> raw -> file [0]) {
 		unsigned len;
 		/* Don't count on the NUL terminator. */
-		for (len = 0; len < 64; len++)
+		for (len = 0; len < DHCP_FILE_LEN; len++)
 			if (!packet -> raw -> file [len])
 				break;
 		lease -> filename = dmalloc (len + 1, MDL);
author	Evan Hunt <each@isc.org>	2007-10-26 22:46:50 +0000
committer	Evan Hunt <each@isc.org>	2007-10-26 22:46:50 +0000
commit	e2624b82f1121e8729b855fbb40eca082fe72eef (patch)
tree	6a0eb7a89ca70ac3b486afdf46a2e4ad2a7f7405 /client/dhclient.c
parent	6b911c8634bd3885dc71cb0beeae7c9b9ffa8024 (diff)
download	isc-dhcp-e2624b82f1121e8729b855fbb40eca082fe72eef.tar.gz