From nobody Mon Nov 21 20:41:49 2022
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NGK7L1rqTz4hTnf;
	Mon, 21 Nov 2022 20:41:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NGK7L1JGYz414f;
	Mon, 21 Nov 2022 20:41:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1669063310;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bNY88e2FR7EIfJBccUS70A58oYDPLhrKSw2xDy3ABnU=;
	b=IuC07VgMJiArskvv1kFg8NrPJf/cEAZXNhuIVnKkJpvQWeF628bYfzV6m7fRqWv+1XfNL0
	eGkotofYzlqhDis1/x/L22rfriJ+83K9wZP9xmkBkojw3Cks32+IousLYEQHv+0SQ+EHB3
	699zXa8EvdKH2veJGjr2cCpI20Zb8DqpvTBiuveJVLs13YKgASFBjsXwtr7m7P4HeWRu0X
	Bl+zeB4Pytx4dci8WW6cV0XJ5LV8QeeQ2QMDMByJSByYlg6NgT7pMi/czG93D1UZFGzCjN
	z9MK8mCWlki8EAkpTZc8C5GKwW0Fe79HcJixglJ9S9NAJ4gMnOdIMQRAdxoo2w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1669063310;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bNY88e2FR7EIfJBccUS70A58oYDPLhrKSw2xDy3ABnU=;
	b=uW3qrTpyhE5d0mW+106Op8XCtXql0f0hnVaNLysTve76VzLxXg85pJ4d/g8X3I9PICFAxk
	gDt6+81UdoYa3V1j6JLJknchuWoEW76Nf66klsnO4zxA9FMWziWx2yU4x/vKSueG0Ubo0B
	hoqFIiciYMWrTTVA0pIGKHjP37a5pHxD1GTUFc3bAxRnTs/nGWF2KiMIQe6hhVGImRzRCC
	DwFygXCLbXQmHZRi7+ZVhaXjrKXDGTmEOqJp2ELKzEqN9jVCpphL7ca7lq0fry+pwz9mIS
	Y7TfZV7yVCLTcs487YRI/iCD3iyhvLptnDxhHukzDN9+tWByz2hVgKOfAk8+5Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1669063310; a=rsa-sha256; cv=none;
	b=uposk57A3r4AAIwpYeBZKh5Bvo8/9bVvwiKgfAI8xl0DcjwqV7xILxkIU7GMzXCJjQbfaJ
	d3Ku76vCe3Rl+dHOT35VfDmE4TEtnpOfiy29yRBgBoJb7w2Hi0GKgxBDbXAX1Y8jQFGid2
	G9c8i4GQtF4vKx+frYsRRqTng55k10RxDOdOV2bwkKl48f+wF1fiWh5/0YNFfVlbLMlpJd
	mxgWiuzn+VrYOCfyiFOBIR9q8x9NwPakldunHgOPA+xMu9g8+ItyFZZcY5a4MveR3Jg6sS
	0X1J3Z8TYnZP6huEG+cA0+j7XbsZk4HxYWwX9k/HHtsiufTfiR1V+YdCOGj9bA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NGK7L0NFgzHP1;
	Mon, 21 Nov 2022 20:41:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2ALKfnD9064126;
	Mon, 21 Nov 2022 20:41:49 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2ALKfnnJ064125;
	Mon, 21 Nov 2022 20:41:49 GMT
	(envelope-from git)
Date: Mon, 21 Nov 2022 20:41:49 GMT
Message-Id: <202211212041.2ALKfnnJ064125@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Hans Petter Selasky <hselasky@FreeBSD.org>
Subject: git: 56bfa62faab4 - stable/12 - dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: hselasky
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: 56bfa62faab489e6b1f1c1fa849a0eea2667825e
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/12 has been updated by hselasky:

URL: https://cgit.FreeBSD.org/src/commit/?id=56bfa62faab489e6b1f1c1fa849a0eea2667825e

commit 56bfa62faab489e6b1f1c1fa849a0eea2667825e
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-11-14 14:20:09 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-11-21 20:41:07 +0000

    dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.
    
    Else out-of-bound reads and undefined behaviour may happen.
    The current code only checked for the presence of the first of four bytes.
    Make sure the fields in question have the minium size required.
    
    No functional change intended.
    
    Reviewed by:    rrs@
    Sponsored by:   NVIDIA Networking
    
    (cherry picked from commit 3492caf512ae090816b4ffa275be43b2f5cfc460)
---
 sbin/dhclient/dhclient.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 628490874e69..f266a4aa3761 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -798,7 +798,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->expiry = getULong(
 		    ip->client->config->defaults[DHO_DHCP_LEASE_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].data)
+        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].len >= 4)
 		ip->client->new->expiry = getULong(
 		    ip->client->new->options[DHO_DHCP_LEASE_TIME].data);
 	else
@@ -821,7 +821,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->renewal = getULong(
 		    ip->client->config->defaults[DHO_DHCP_RENEWAL_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len >= 4)
 		ip->client->new->renewal = getULong(
 		    ip->client->new->options[DHO_DHCP_RENEWAL_TIME].data);
 	else
@@ -835,7 +835,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->rebind = getULong(
 		    ip->client->config->defaults[DHO_DHCP_REBINDING_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len >= 4)
 		ip->client->new->rebind = getULong(
 		    ip->client->new->options[DHO_DHCP_REBINDING_TIME].data);
 	else