Security bug in udhcp applet
Krishna Ram Prakash R
krp at gtux.in
Thu Dec 20 12:23:30 UTC 2018
Hi Denys,
Thanks for the fix!
Wouldn't the option parsing loop in fill_envp() in dhcpc.c parse and
load options without checking for the expected length and still result
in an out-of-bounds read? Any thoughts on that?
Thanks,
KRP
On 12/18/18 12:17 AM, Denys Vlasenko wrote:
> I committed a fix, see bz
> On Mon, Dec 17, 2018 at 6:52 AM Krishna Ram Prakash R <krp at gtux.in> wrote:
>>
>>
>> Hi all,
>>
>> I reported a security bug in udhcp applet, a few days back in busybox
>> Bugzilla[1] as I could not find any private disclosure mailing lists.
>> But, it is not yet assigned and there are no activities in the bug report.
>>
>> Just a gentle reminder to the maintainers in case it has been missed.
>>
>> Thanks,
>> KRP
>>
>> [1] https://bugs.busybox.net/show_bug.cgi?id=11506
>>
>>
>>
>> _______________________________________________
>> busybox mailing list
>> busybox at busybox.net
>> http://lists.busybox.net/mailman/listinfo/busybox
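
The question in the message above is about accepting an option's declared length without comparing it to the size its consumer will read. The following is an added illustration of that check on the RFC 2132 code/length/value layout; it is not BusyBox code and does not reproduce fill_envp() or the committed fix. The helper names and sample buffers are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* DHCP option codes; the fixed value sizes below are from RFC 2132. */
enum { OPT_PAD = 0, OPT_SUBNET = 1, OPT_ROUTER = 3, OPT_LEASE = 51, OPT_MSGTYPE = 53, OPT_END = 255 };

/* Constructed sample option fields (not captured traffic). */
static const uint8_t SAMPLE_OK[]    = { 53, 1, 5, 51, 4, 0x00, 0x00, 0x0e, 0x10, 255 };
static const uint8_t SAMPLE_SHORT[] = { 51, 1, 0x10, 255 };  /* lease option declares 1 byte */
static const uint8_t SAMPLE_TRUNC[] = { 51, 4, 0x00, 0x00 }; /* value runs past the buffer */

/* Is the declared length what a consumer of this option will read? */
static int len_ok(uint8_t code, uint8_t len)
{
    switch (code) {
    case OPT_SUBNET: case OPT_LEASE: return len == 4;
    case OPT_MSGTYPE:                return len == 1;
    case OPT_ROUTER:                 return len >= 4 && len % 4 == 0;
    default:                         return 1; /* variable length: bounds check only */
    }
}

/* Hypothetical helper: value pointer for option `want`, or NULL if the option
 * is absent, truncated, or has a length the consumer does not expect. */
const uint8_t *find_option(const uint8_t *buf, size_t size, uint8_t want)
{
    size_t i = 0;
    while (i < size && buf[i] != OPT_END) {
        if (buf[i] == OPT_PAD) { i++; continue; }   /* pad has no length byte */
        if (size - i < 2) return NULL;              /* no room for the length byte */
        uint8_t len = buf[i + 1];
        if (len > size - i - 2) return NULL;        /* value would end past the buffer */
        if (buf[i] == want)
            return len_ok(want, len) ? &buf[i + 2] : NULL;
        i += 2 + (size_t)len;
    }
    return NULL;
}

/* Consumer: reads 4 bytes, which is safe only because find_option enforced len == 4. */
int get_lease(const uint8_t *buf, size_t size, uint32_t *secs)
{
    const uint8_t *v = find_option(buf, size, OPT_LEASE);
    if (!v) return -1;
    *secs = ((uint32_t)v[0] << 24) | ((uint32_t)v[1] << 16) | ((uint32_t)v[2] << 8) | v[3];
    return 0;
}

int main(void) { uint32_t s; return get_lease(SAMPLE_OK, sizeof SAMPLE_OK, &s); }
```

SAMPLE_SHORT passes the buffer bounds check but is rejected by the expected-length check, which is the case a bounds-only loop would let through to a fixed-width read.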