From nobody Mon Nov 21 20:39:26 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NGK4Z2Wsqz4hTRX; Mon, 21 Nov 2022 20:39:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NGK4Z1yLVz40jv; Mon, 21 Nov 2022 20:39:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1669063166; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=g2oGE4j3ctC1NiGoaxfX+4XR0XsHyo6jYOUSWNvAWvI=; b=KnfepxmQZs3406xuAmr2PZdF9fYtRqHIlHxo6+LB1L4XpfoutTmh93rqwJf15XFl8oVHWW 6tgdCS1rqucwGTvZ/ShVUAKwhxrtRk5hIU+YSpOCUzyQP/y3BLPPmopdBKRUbD+m3RvqWb E7KUr7Xn6Rp6vEr9mOqibZ0Z/GtpA5xgdmDoUmftqAfXP6Zl+D6PtcuPI9AqP3rUajlTdz sy5i+p8By6GuEjuhDM7JoY03XgZg3/aUglPDaaE0CM/UVVrNWCBysKK5Qm+QcQa42tg9Y9 o5vQm7ce6rFePGzy4juKIkYWMwiC2x09sFjE/6viGqILdJb8xWu/CNO4axydIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1669063166; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=g2oGE4j3ctC1NiGoaxfX+4XR0XsHyo6jYOUSWNvAWvI=; b=spYflqiZq4QEJjiD5kuFQ3djr6fIGMOv2a3N8s0T8sAIg63u36K28E+YVC3Fh4Dm80wift QphU4xzXPpNzAm7zH20NF0L2/NYyvv4/x0bM9LZl1mrkr5S16/oHVcqzL6L/EeQyTkuxt6 0NzbnmLutJsGCaUAI4SYBwlcOrEbuzSdf1txtN6dsM07Lgcr+bR33D/X84wJYGH9yX67LQ Iw5PnOBhvKDLaFQdEmBr97TORsVXRFmq6juKSXoFf/GINbHVT/KKErixjiUig6Nkuaxp3P CHXYpog//ANnfI1vx8Sg+3DLnpKe7HVX50EBhAw/t14M1aw2Qfi1m0PfZa/mHQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1669063166; a=rsa-sha256; cv=none; b=vyLsdnpf4Q5WsF3RTFDozYeNZYRIU2a814+VTPAHuJ9kInJhe4ngxzzWADQgEK8M4IdEau +ib9zT9auNhX9orZyR7KhzuRoPiS+DZs6oTuaXNvZ0CKMu/MqEX8TUTaoO6tLaarimzV3l 1QXg8oVF2uwDDvR9bRcFyidPKSBXgBlvdfeNqkLho8ZYwcSHFqV1kRTdcCGYEYATTnfuQM /EFb/lzHhNDoKxFkhRme5hQJeu7B64n8ICSs6V0A3CdNhpe3j1Lf5GCDRFIX3l6eEoAd0Q hFy/H/br89exhSUy71zDug9sIwB9nc0oIByqGmSD1N4JMTIsomLzxfJc3scNIg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NGK4Z0vvjzH6N; Mon, 21 Nov 2022 20:39:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2ALKdQTj051045; Mon, 21 Nov 2022 20:39:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2ALKdQOh051044; Mon, 21 Nov 2022 20:39:26 GMT (envelope-from git) Date: Mon, 21 Nov 2022 20:39:26 GMT Message-Id: <202211212039.2ALKdQOh051044@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Hans Petter Selasky Subject: git: b51ee7ac252c - stable/13 - dhclient(8): Verify lease-, renewal- and rebinding-time option sizes. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: hselasky X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: b51ee7ac252cb09a4e931cac86604231c5f5f089 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by hselasky: URL: https://cgit.FreeBSD.org/src/commit/?id=b51ee7ac252cb09a4e931cac86604231c5f5f089 commit b51ee7ac252cb09a4e931cac86604231c5f5f089 Author: Hans Petter Selasky AuthorDate: 2022-11-14 14:20:09 +0000 Commit: Hans Petter Selasky CommitDate: 2022-11-21 20:38:24 +0000 dhclient(8): Verify lease-, renewal- and rebinding-time option sizes. Else out-of-bound reads and undefined behaviour may happen. The current code only checked for the presence of the first of four bytes. Make sure the fields in question have the minium size required. No functional change intended. Reviewed by: rrs@ Sponsored by: NVIDIA Networking (cherry picked from commit 3492caf512ae090816b4ffa275be43b2f5cfc460) --- sbin/dhclient/dhclient.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c index a1628f0ee22f..da9a567fad04 100644 --- a/sbin/dhclient/dhclient.c +++ b/sbin/dhclient/dhclient.c @@ -798,7 +798,7 @@ dhcpack(struct packet *packet) ACTION_SUPERSEDE) ip->client->new->expiry = getULong( ip->client->config->defaults[DHO_DHCP_LEASE_TIME].data); - else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].data) + else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].len >= 4) ip->client->new->expiry = getULong( ip->client->new->options[DHO_DHCP_LEASE_TIME].data); else @@ -821,7 +821,7 @@ dhcpack(struct packet *packet) ACTION_SUPERSEDE) ip->client->new->renewal = getULong( ip->client->config->defaults[DHO_DHCP_RENEWAL_TIME].data); - else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len) + else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len >= 4) ip->client->new->renewal = getULong( ip->client->new->options[DHO_DHCP_RENEWAL_TIME].data); else @@ -835,7 +835,7 @@ dhcpack(struct packet *packet) ACTION_SUPERSEDE) ip->client->new->rebind = getULong( ip->client->config->defaults[DHO_DHCP_REBINDING_TIME].data); - else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len) + else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len >= 4) ip->client->new->rebind = getULong( ip->client->new->options[DHO_DHCP_REBINDING_TIME].data); else