diff options
| author | Ben Hutchings <ben@decadent.org.uk> | 2016-01-28 01:28:32 +0000 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2016-01-28 13:33:46 +0000 |
| commit | abe9d1b0739857f4a0d25005f9f0523153a6fe23 (patch) | |
| tree | f910f63502c27178e9ecbbd9d3c6e47e2214d100 /src | |
| parent | b0d1c5805a6b76c3b198728cdfd93e351d5eb196 (diff) | |
| download | odhcp6c-abe9d1b0739857f4a0d25005f9f0523153a6fe23.tar.gz | |
Check for unsupported PD exclusion configuration in dhcpv6_parse_ia
We currently only support PD exclusions that only affect bits 64-95 of
the address, so we require:
32 <= PD prefix length < exclusion prefix length <= 64
The first inequality was not validated, and this could result in a
buffer overflow when generating the next request message.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'src')
| -rw-r--r-- | src/dhcpv6.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/dhcpv6.c b/src/dhcpv6.c index c2a3e3d..2d8124f 100644 --- a/src/dhcpv6.c +++ b/src/dhcpv6.c @@ -1185,7 +1185,7 @@ static int dhcpv6_parse_ia(void *opt, void *end) if (elen > 64) elen = 64; - if (elen <= 32 || elen <= entry.length) { + if (entry.length < 32 || elen <= entry.length) { ok = false; continue; } |