diff options
author | Evan Hunt <each@isc.org> | 2007-10-26 22:46:50 +0000 |
---|---|---|
committer | Evan Hunt <each@isc.org> | 2007-10-26 22:46:50 +0000 |
commit | e2624b82f1121e8729b855fbb40eca082fe72eef (patch) | |
tree | 6a0eb7a89ca70ac3b486afdf46a2e4ad2a7f7405 /client/dhclient.c | |
parent | 6b911c8634bd3885dc71cb0beeae7c9b9ffa8024 (diff) | |
download | isc-dhcp-e2624b82f1121e8729b855fbb40eca082fe72eef.tar.gz |
- Reworked cons_options() and store_options() to fix a buffer
overflow that could result in a DoS (CVS 2007-0062). Also general
code tidying. [rt17090]
- Also fixed a spurious error message on the client. [rt17250]
Diffstat (limited to 'client/dhclient.c')
-rw-r--r-- | client/dhclient.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/client/dhclient.c b/client/dhclient.c index a0c9536d..3a74269a 100644 --- a/client/dhclient.c +++ b/client/dhclient.c @@ -1410,7 +1410,7 @@ struct client_lease *packet_to_lease (packet, client) if (!(i & 2) && packet -> raw -> sname [0]) { unsigned len; /* Don't count on the NUL terminator. */ - for (len = 0; len < 64; len++) + for (len = 0; len < DHCP_SNAME_LEN; len++) if (!packet -> raw -> sname [len]) break; lease -> server_name = dmalloc (len + 1, MDL); @@ -1429,7 +1429,7 @@ struct client_lease *packet_to_lease (packet, client) if (!(i & 1) && packet -> raw -> file [0]) { unsigned len; /* Don't count on the NUL terminator. */ - for (len = 0; len < 64; len++) + for (len = 0; len < DHCP_FILE_LEN; len++) if (!packet -> raw -> file [len]) break; lease -> filename = dmalloc (len + 1, MDL); |