From nobody Mon Nov 21 20:52:07 2022
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NGKMC5l2lz4hVnN;
	Mon, 21 Nov 2022 20:52:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NGKMC5Cz4z41jh;
	Mon, 21 Nov 2022 20:52:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1669063927;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PZ1tOVk1cdy8n4Did1OxzBlDkWJpHFj/hg0h+ocucfc=;
	b=O65Er1MEFcUJssdWt4rRKgHPefbHtLpNyBRbF8wWO4+dFHDHP4OGiUv1TDX3NUZq8bpPqS
	01BXYbTSicIOlf4Sy66ahQxtX4WRfLxPP4cPUXPkjpRXn8Ro0zM4p897G+FjRsUly8vksD
	U1Zn6sE1jSP/Ggk5owUO2N6Dz/NRlO00Bmlb+Muk2VjagDKwvAu3U0iDU08VtUtJFY8dj7
	RUofWFoJ6eHw8nZNtnzT5KQvTgVqce9GvFTdtoG8TK6zVlVJd8szH/QtCIfvqRf1jRzj6W
	mfh9VBJR/cZ3P6BFbQC6ZiRK7KsCn2K34fXgaR1WT3yrb8DVGIdtKiTQsn4DEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1669063927;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PZ1tOVk1cdy8n4Did1OxzBlDkWJpHFj/hg0h+ocucfc=;
	b=CmX8a/EikdfIYLGnAA1Z7qL8yxIyZbAXeUt2Uhee1nl0rmM5LP3AgojnDu9RK0mmx084Dg
	oFGqwxrlQFPp3N7mQCL2QbFJ5gLv9ssxxuMSBtWW5X3lpLJTDzpAvcHgm3qPv3QVt3r8kS
	/8giGysJNCW+pqFe6LlVLB4FSejcIKST+ROhealyYv8NyWMjsY0QCNaZJMiK+2tWj4fl7t
	rQ0rXWYHTIJ9E5JnK3bP48hyrWdwmYnoG7EiANRetruKjnSH3PRrlvWlzLADNC9G2/+GMY
	LNNhaWKQxnpu9RRrVVk8u8ne0qfmaE0BrGxMJ3+O9NDxN+JaKU9Cvg1M+DbpUQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1669063927; a=rsa-sha256; cv=none;
	b=nNyrcsyY0ZtelHzW8ZaxcpYipoc0cC3O1aXbUgySaBvfm9HaWQ087a3zOumHtCIHMPSqVP
	vLIs7vp2Ji2vL1yjCZFlHdYfLY/BfgZiz4fI/L3iVnKGfK4stIfs/mTvOo6rJqmD2whft2
	CAghi2SQ3fpRpXQ8WuZOztvmhclkBDhDLPkvm0oox5tn8N6EVykpXe47z5XHQIu+zkGUck
	+YoAGmYQt8spGhGQdEqbO9AtcPnAozLHSUgEClHPdFbaPMZgL9I5YbVmkotG3exJhCzoWx
	SLPD1uDHsSmlhSdJ+eHQZeCusrwGHWEHiHtHH1XKkC+GavZXvY9AN3wijYbZ1g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NGKMC49sTzHKp;
	Mon, 21 Nov 2022 20:52:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2ALKq7Qa078541;
	Mon, 21 Nov 2022 20:52:07 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2ALKq7R6078540;
	Mon, 21 Nov 2022 20:52:07 GMT
	(envelope-from git)
Date: Mon, 21 Nov 2022 20:52:07 GMT
Message-Id: <202211212052.2ALKq7R6078540@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Hans Petter Selasky <hselasky@FreeBSD.org>
Subject: git: 906f88a5d67c - stable/11 - dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: hselasky
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/11
X-Git-Reftype: branch
X-Git-Commit: 906f88a5d67cab3e3a81b8d584f5abdaa15b2360
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/11 has been updated by hselasky:

URL: https://cgit.FreeBSD.org/src/commit/?id=906f88a5d67cab3e3a81b8d584f5abdaa15b2360

commit 906f88a5d67cab3e3a81b8d584f5abdaa15b2360
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-11-14 14:20:09 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-11-21 20:51:18 +0000

    dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.
    
    Else out-of-bound reads and undefined behaviour may happen.
    The current code only checked for the presence of the first of four bytes.
    Make sure the fields in question have the minium size required.
    
    No functional change intended.
    
    Reviewed by:    rrs@
    Sponsored by:   NVIDIA Networking
    
    (cherry picked from commit 3492caf512ae090816b4ffa275be43b2f5cfc460)
---
 sbin/dhclient/dhclient.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 7ca9cfe8ab42..a8293fcd7cf5 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -764,7 +764,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->expiry = getULong(
 		    ip->client->config->defaults[DHO_DHCP_LEASE_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].data)
+        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].len >= 4)
 		ip->client->new->expiry = getULong(
 		    ip->client->new->options[DHO_DHCP_LEASE_TIME].data);
 	else
@@ -787,7 +787,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->renewal = getULong(
 		    ip->client->config->defaults[DHO_DHCP_RENEWAL_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len >= 4)
 		ip->client->new->renewal = getULong(
 		    ip->client->new->options[DHO_DHCP_RENEWAL_TIME].data);
 	else
@@ -801,7 +801,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->rebind = getULong(
 		    ip->client->config->defaults[DHO_DHCP_REBINDING_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len >= 4)
 		ip->client->new->rebind = getULong(
 		    ip->client->new->options[DHO_DHCP_REBINDING_TIME].data);
 	else