[Bug 12466] New: Out of bounds read in udhcp_get_option()

Tue Jan 14 06:14:46 UTC 2020

https://bugs.busybox.net/show_bug.cgi?id=12466

            Bug ID: 12466
           Summary: Out of bounds read in udhcp_get_option()
           Product: Busybox
           Version: 1.31.x
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Networking
          Assignee: unassigned at busybox.net
          Reporter: zhaoyuhang0313 at iie.ac.cn
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

I noted that in send_ACK() and send_offer(), p_host_name is fetched and writen
without making sure that its length. Shouldn't we also check if the length is 4
 before calling add_lease()?

-- 
You are receiving this mail because:
You are on the CC list for the bug.