diff options
author | Gordon Tetlow <gordon@FreeBSD.org> | 2020-09-02 16:25:31 +0000 |
---|---|---|
committer | Gordon Tetlow <gordon@FreeBSD.org> | 2020-09-02 16:25:31 +0000 |
commit | 0a2ea0ffce0529bd52ee64737026db99680a4ede (patch) | |
tree | a271da08c84c643b8339680a7ded658df53b3e0e | |
parent | ca789358b9ffc57ad56f7f0b0a50746f45581d4d (diff) | |
download | src-test2-0a2ea0ffce0529bd52ee64737026db99680a4ede.tar.gz src-test2-0a2ea0ffce0529bd52ee64737026db99680a4ede.zip |
Fix dhclient heap overflow.
Approved by: so
Security: FreeBSD-SA-20:26.dhclient
Security: CVE-2020-7461
Notes
Notes:
svn path=/releng/11.4/; revision=365257
-rw-r--r-- | sbin/dhclient/options.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sbin/dhclient/options.c b/sbin/dhclient/options.c index 5fe2b5bd2a5b..30a6631603c9 100644 --- a/sbin/dhclient/options.c +++ b/sbin/dhclient/options.c @@ -296,6 +296,8 @@ find_search_domain_name_len(struct option_data *option, size_t *offset) pointed_len = find_search_domain_name_len(option, &pointer); + if (pointed_len < 0) + return (-1); domain_name_len += pointed_len; *offset = i + 2; |