author | Evan Hunt <each@isc.org> | 2007-10-26 22:46:50 +0000 |
---|---|---|
committer | Evan Hunt <each@isc.org> | 2007-10-26 22:46:50 +0000 |
commit | e2624b82f1121e8729b855fbb40eca082fe72eef (patch) | |
tree | 6a0eb7a89ca70ac3b486afdf46a2e4ad2a7f7405 /includes/dhcp.h | |
parent | 6b911c8634bd3885dc71cb0beeae7c9b9ffa8024 (diff) | |
- Reworked cons_options() and store_options() to fix a buffer
overflow that could result in a DoS (CVE-2007-0062). Also general
code tidying. [rt17090]
- Also fixed a spurious error message on the client. [rt17250]
Diffstat (limited to 'includes/dhcp.h')
-rw-r--r-- | includes/dhcp.h | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/includes/dhcp.h b/includes/dhcp.h
index 1ee7b7b9..ee23a29d 100644
--- a/includes/dhcp.h
+++ b/includes/dhcp.h
@@ -34,17 +34,19 @@
 #define DHCP_H
 #define DHCP_UDP_OVERHEAD (20 + /* IP header */ \
- 8) /* UDP header */
+ 8) /* UDP header */
 #define DHCP_SNAME_LEN 64
 #define DHCP_FILE_LEN 128
 #define DHCP_FIXED_NON_UDP 236
 #define DHCP_FIXED_LEN (DHCP_FIXED_NON_UDP + DHCP_UDP_OVERHEAD) /* Everything but options. */
+#define BOOTP_MIN_LEN 300
+
 #define DHCP_MTU_MAX 1500
-#define DHCP_OPTION_LEN (DHCP_MTU_MAX - DHCP_FIXED_LEN)
+#define DHCP_MTU_MIN 576
-#define BOOTP_MIN_LEN 300
-#define DHCP_MIN_LEN 548
+#define DHCP_MAX_OPTION_LEN (DHCP_MTU_MAX - DHCP_FIXED_LEN)
+#define DHCP_MIN_OPTION_LEN (DHCP_MTU_MIN - DHCP_FIXED_LEN)
 struct dhcp_packet {
 u_int8_t op; /* 0: Message opcode/type */
@@ -61,7 +63,7 @@ struct dhcp_packet {
 unsigned char chaddr [16]; /* 24: Client hardware address */
 char sname [DHCP_SNAME_LEN]; /* 40: Server name */
 char file [DHCP_FILE_LEN]; /* 104: Boot filename */
- unsigned char options [DHCP_OPTION_LEN];
+ unsigned char options [DHCP_MAX_OPTION_LEN];
 /* 212: Optional parameters (actual length dependent on MTU). */
 }; |
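Review bot: The new limits `DHCP_MTU_MIN`, `DHCP_MAX_OPTION_LEN` and `DHCP_MIN_OPTION_LEN` in the first hunk are added without any comment saying what they bound, which matters because the commit message ties this change to an option-buffer overflow. I would put `/* Smallest datagram every host must accept (RFC 791); floor for a client-requested maximum message size. */` above `DHCP_MTU_MIN`, and `/* Option-area sizes at the largest and smallest MTU, i.e. MTU minus DHCP_FIXED_LEN. */` above the two option-length macros. The comment on `options[]` in the second hunk could also say that `DHCP_MAX_OPTION_LEN` is only the array's capacity and that the number of valid bytes comes from the received packet length. The code that consumes these limits is outside this diff, which is restricted to includes/dhcp.h, so whether every length taken from a packet is clamped to this range cannot be confirmed from here.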