[Bug 12466] Out of bounds read in udhcp_get_option()
bugzilla at busybox.net
bugzilla at busybox.net
Tue Jan 14 16:08:04 UTC 2020
https://bugs.busybox.net/show_bug.cgi?id=12466
Denys Vlasenko <vda.linux at googlemail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Denys Vlasenko <vda.linux at googlemail.com> ---
send_ACK():
const char *p_host_name;
...
p_host_name = (const char*) udhcp_get_option(oldpacket,
DHCP_HOST_NAME);
add_lease(packet.chaddr, packet.yiaddr,
lease_time_sec,
p_host_name,
p_host_name ? (unsigned char)p_host_name[OPT_LEN - OPT_DATA] :
0
);
send_offer():
p_host_name = (const char*) udhcp_get_option(oldpacket,
DHCP_HOST_NAME);
lease = add_lease(packet.chaddr, packet.yiaddr,
server_data.offer_time,
p_host_name,
p_host_name ? (unsigned
char)p_host_name[OPT_LEN - OPT_DATA] : 0
);
Looks ok to me.
> Shouldn't we also check if the length is 4
No, the length is not necessarily 4.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list