authorShawn Routhier <sar@isc.org>2012-06-27 21:33:25 +0000
committerShawn Routhier <sar@isc.org>2012-06-27 21:33:25 +0000
commite563ec2e5898119b6af8421f30d3513947348ceb (patch)
treec6d7efe36bec0c4b78072dd46acc5bc6e8fb6ec2 /includes
parentde87ffe336431082037edc911d202413e6fb51d4 (diff)
When attempting to convert a DUID from a client id option
into a hardware address, handle unexpected client ids properly. Thanks to Markus Hietava of Codenomicon CROSS project for finding this issue and CERT-FI for vulnerability coordination. [ISC-Bugs #29852] CVE: CVE-2012-3570
Diffstat (limited to 'includes')
-rw-r--r--includes/dhcpd.h10
1 files changed, 8 insertions, 2 deletions
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 6aaa6ed0..b8792fae 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -432,11 +432,17 @@ struct packet {
isc_boolean_t unicast;
};
-/* A network interface's MAC address. */
+/*
+ * A network interface's MAC address.
+ * 20 bytes for the hardware address
+ * and 1 byte for the type tag
+ */
+
+#define HARDWARE_ADDR_LEN 20
struct hardware {
u_int8_t hlen;
- u_int8_t hbuf[21];
+ u_int8_t hbuf[HARDWARE_ADDR_LEN + 1];
};
#if defined(LDAP_CONFIGURATION)
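Review bot: The new comment on `struct hardware` gives the size of `hbuf` but not the invariant that ties it to `hlen`, which is a `u_int8_t` and can therefore hold values up to 255 while the buffer stays at 21 bytes. Since the commit message says the length is derived from a client id option, I would state the bound in the header, e.g. `/* hlen is the number of bytes used in hbuf (presumably including the type tag); it must never exceed sizeof(hbuf). */`, so every site that fills the struct from packet data has a documented limit to check against. The code that performs that check is not visible on this page (the diff is limited to includes/), so confirm that each copy into `hbuf` compares the source length with `HARDWARE_ADDR_LEN` before copying. As a point of style, the blank line and the `#define` now sit between the "MAC address" comment and the struct it describes; moving `#define HARDWARE_ADDR_LEN 20` above the comment would keep the two together.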