diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-08-06 13:05:59 +0900 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-08-06 13:06:32 +0900 |
commit | 4473cd7f61b9eb0860f2daab81491ad2145d554b (patch) | |
tree | 4072383e77bd3a4ce38e96ec8bf8f19e50372383 /src/libsystemd-network/sd-dhcp-client.c | |
parent | 073a1daaba807708c3ef31e324ec313e3e1cf919 (diff) | |
download | systemd-4473cd7f61b9eb0860f2daab81491ad2145d554b.tar.gz |
dhcp: fix potential buffer overflow
Fixes a bug introduced by 324f818781a250b60f2fcfa74ff1c9101d2d1315.
This also renames several macros for DHCP packet size.
Diffstat (limited to 'src/libsystemd-network/sd-dhcp-client.c')
-rw-r--r-- | src/libsystemd-network/sd-dhcp-client.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c index 1a477c4018..f772b82e4c 100644 --- a/src/libsystemd-network/sd-dhcp-client.c +++ b/src/libsystemd-network/sd-dhcp-client.c @@ -562,7 +562,7 @@ int sd_dhcp_client_set_client_port( int sd_dhcp_client_set_mtu(sd_dhcp_client *client, uint32_t mtu) { assert_return(client, -EINVAL); - assert_return(mtu >= DHCP_DEFAULT_MIN_SIZE, -ERANGE); + assert_return(mtu >= DHCP_MIN_PACKET_SIZE, -ERANGE); client->mtu = mtu; @@ -729,7 +729,6 @@ static int client_message_init( _cleanup_free_ DHCPPacket *packet = NULL; size_t optlen, optoffset, size; - be16_t max_size; usec_t time_now; uint16_t secs; int r; @@ -872,9 +871,9 @@ static int client_message_init( */ /* RFC7844 section 3: SHOULD NOT contain any other option. */ - if (!client->anonymize && type != DHCP_RELEASE) { - max_size = htobe16(size); - r = dhcp_option_append(&packet->dhcp, client->mtu, &optoffset, 0, + if (!client->anonymize && IN_SET(type, DHCP_DISCOVER, DHCP_REQUEST)) { + be16_t max_size = htobe16(MIN(client->mtu - DHCP_IP_UDP_SIZE, (uint32_t) UINT16_MAX)); + r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0, SD_DHCP_OPTION_MAXIMUM_MESSAGE_SIZE, 2, &max_size); if (r < 0) @@ -2186,7 +2185,7 @@ int sd_dhcp_client_new(sd_dhcp_client **ret, int anonymize) { .state = DHCP_STATE_INIT, .ifindex = -1, .fd = -1, - .mtu = DHCP_DEFAULT_MIN_SIZE, + .mtu = DHCP_MIN_PACKET_SIZE, .port = DHCP_PORT_CLIENT, .anonymize = !!anonymize, .max_attempts = UINT64_MAX, |