[Bug 12466] Out of bounds read in udhcp_get_option()

bugzilla at busybox.net bugzilla at busybox.net
Tue Jan 14 16:08:04 UTC 2020


https://bugs.busybox.net/show_bug.cgi?id=12466

Denys Vlasenko <vda.linux at googlemail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Denys Vlasenko <vda.linux at googlemail.com> ---
send_ACK():
        const char *p_host_name;
...
        p_host_name = (const char*) udhcp_get_option(oldpacket,
DHCP_HOST_NAME);
        add_lease(packet.chaddr, packet.yiaddr,
                lease_time_sec,
                p_host_name,
                p_host_name ? (unsigned char)p_host_name[OPT_LEN - OPT_DATA] :
0
        );


send_offer():
                p_host_name = (const char*) udhcp_get_option(oldpacket,
DHCP_HOST_NAME);
                lease = add_lease(packet.chaddr, packet.yiaddr,
                                server_data.offer_time,
                                p_host_name,
                                p_host_name ? (unsigned
char)p_host_name[OPT_LEN - OPT_DATA] : 0
                );

Looks ok to me.


> Shouldn't we also check if the length is 4

No, the length is not necessarily 4.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list