diff options
| author | Toomas Soome <tsoome@FreeBSD.org> | 2017-03-20 22:20:17 +0000 |
|---|---|---|
| committer | Toomas Soome <tsoome@FreeBSD.org> | 2017-03-20 22:20:17 +0000 |
| commit | c1e968fb6297591a95711fea86f694b9f3b43e88 (patch) | |
| tree | 44e9263aeb4d57ee955cd5e6b765de19dac966e4 | |
| parent | 98339da12a4e4255ea080b6a3913896c4587cebc (diff) | |
Notes
| -rw-r--r-- | lib/libstand/bootp.c | 25 | ||||
| -rw-r--r-- | sys/boot/common/dev_net.c | 2 | ||||
| -rw-r--r-- | sys/boot/i386/libi386/pxe.c | 2 |
3 files changed, 24 insertions, 5 deletions
diff --git a/lib/libstand/bootp.c b/lib/libstand/bootp.c index 5d993ce5f07e8..479405debe22a 100644 --- a/lib/libstand/bootp.c +++ b/lib/libstand/bootp.c @@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$"); #include <sys/types.h> +#include <sys/limits.h> #include <sys/endian.h> #include <netinet/in.h> #include <netinet/in_systm.h> @@ -403,11 +404,29 @@ vend_rfc1048(cp, len) strlcpy(hostname, val, sizeof(hostname)); } if (tag == TAG_INTF_MTU) { + intf_mtu = 0; if ((val = getenv("dhcp.interface-mtu")) != NULL) { - intf_mtu = (u_int)strtoul(val, NULL, 0); - } else { - intf_mtu = be16dec(cp); + unsigned long tmp; + char *end; + + errno = 0; + /* + * Do not allow MTU to exceed max IPv4 packet + * size, max value of 16-bit word. + */ + tmp = strtoul(val, &end, 0); + if (errno != 0 || + *val == '\0' || *end != '\0' || + tmp > USHRT_MAX) { + printf("%s: bad value: \"%s\", " + "ignoring\n", + "dhcp.interface-mtu", val); + } else { + intf_mtu = (u_int)tmp; + } } + if (intf_mtu <= 0) + intf_mtu = be16dec(cp); } #ifdef SUPPORT_DHCP if (tag == TAG_DHCP_MSGTYPE) { diff --git a/sys/boot/common/dev_net.c b/sys/boot/common/dev_net.c index 76abb2eb50bac..1795767dc5b32 100644 --- a/sys/boot/common/dev_net.c +++ b/sys/boot/common/dev_net.c @@ -175,7 +175,7 @@ net_open(struct open_file *f, ...) } if (intf_mtu != 0) { char mtu[16]; - sprintf(mtu, "%u", intf_mtu); + snprintf(mtu, sizeof(mtu), "%u", intf_mtu); setenv("boot.netif.mtu", mtu, 1); } diff --git a/sys/boot/i386/libi386/pxe.c b/sys/boot/i386/libi386/pxe.c index db27220c1a147..8928a231b70ef 100644 --- a/sys/boot/i386/libi386/pxe.c +++ b/sys/boot/i386/libi386/pxe.c @@ -342,7 +342,7 @@ pxe_open(struct open_file *f, ...) } if (intf_mtu != 0) { char mtu[16]; - sprintf(mtu, "%u", intf_mtu); + snprintf(sizeof(mtu), mtu, "%u", intf_mtu); setenv("boot.netif.mtu", mtu, 1); } printf("pxe_open: server addr: %s\n", inet_ntoa(rootip)); |