[Bug 11506] Out of bounds read in udhcp_get_option()

bugzilla at busybox.net bugzilla at busybox.net
Tue Dec 18 18:15:30 UTC 2018


--- Comment #2 from KRP <krp at gtux.in> ---
fill_envp() function in dhcpc.c makes calls to udhcp_get_option() in a loop.
So, it is not possible to check for the exact length parsed for specific
options. So, any options used after fill_envp() parsing may again lead to out
of bounds read in client side. Any thoughts about that?

You are receiving this mail because:
You are on the CC list for the bug.

More information about the busybox-cvs mailing list