git: 3492caf512ae - main - dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.

From: Hans Petter Selasky <hselasky_at_FreeBSD.org>
Date: Mon, 14 Nov 2022 15:48:04 UTC 
The branch main has been updated by hselasky:

URL: https://cgit.FreeBSD.org/src/commit/?id=3492caf512ae090816b4ffa275be43b2f5cfc460

commit 3492caf512ae090816b4ffa275be43b2f5cfc460
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-11-14 14:20:09 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-11-14 15:47:21 +0000

    dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.
    
    Else out-of-bound reads and undefined behaviour may happen.
    The current code only checked for the presence of the first of four bytes.
    Make sure the fields in question have the minium size required.
    
    No functional change intended.
    
    Reviewed by:    rrs@
    MFC after:      1 week
    Sponsored by:   NVIDIA Networking
---
 sbin/dhclient/dhclient.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index a1628f0ee22f..da9a567fad04 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -798,7 +798,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->expiry = getULong(
 		    ip->client->config->defaults[DHO_DHCP_LEASE_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].data)
+        else if (ip->client->new->options[DHO_DHCP_LEASE_TIME].len >= 4)
 		ip->client->new->expiry = getULong(
 		    ip->client->new->options[DHO_DHCP_LEASE_TIME].data);
 	else
@@ -821,7 +821,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->renewal = getULong(
 		    ip->client->config->defaults[DHO_DHCP_RENEWAL_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_RENEWAL_TIME].len >= 4)
 		ip->client->new->renewal = getULong(
 		    ip->client->new->options[DHO_DHCP_RENEWAL_TIME].data);
 	else
@@ -835,7 +835,7 @@ dhcpack(struct packet *packet)
             ACTION_SUPERSEDE)
 		ip->client->new->rebind = getULong(
 		    ip->client->config->defaults[DHO_DHCP_REBINDING_TIME].data);
-        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len)
+        else if (ip->client->new->options[DHO_DHCP_REBINDING_TIME].len >= 4)
 		ip->client->new->rebind = getULong(
 		    ip->client->new->options[DHO_DHCP_REBINDING_TIME].data);
 	else