[Bug 3979] udhcpc should filter out malicious hostnames passed in option 0x0c

bugzilla at busybox.net bugzilla at busybox.net
Thu Dec 8 15:43:23 UTC 2011


https://bugs.busybox.net/show_bug.cgi?id=3979

Denys Vlasenko <vda.linux at googlemail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #6 from Denys Vlasenko <vda.linux at googlemail.com> 2011-12-08 15:43:23 UTC ---
Fixed in git:

commit 7280d2017d8075267a12e469983e38277dcf0374
Author: Denys Vlasenko <vda.linux at googlemail.com>
Date:   Thu Dec 8 16:41:05 2011 +0100

    udhcpc: sanitize hostnames in incoming packets. Closes 3979.

    The following options are replaced with string "bad" if they
    contain malformed hostname:
    HOST_NAME, DOMAIN_NAME, NIS_DOMAIN, TFTP_SERVER_NAME

    function                                             old     new   delta
    xmalloc_optname_optval                               850     888     +38
    attach_option                                        440     443      +3
    len_of_option_as_string                               13      14      +1
    dhcp_option_lengths                                   13      14      +1

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the busybox-cvs mailing list