svn commit: r342230 - releng/12.0/libexec/bootpd
Ed Maste
emaste at FreeBSD.org
Wed Dec 19 18:21:08 UTC 2018
Author: emaste
Date: Wed Dec 19 18:21:07 2018
New Revision: 342230
URL: https://svnweb.freebsd.org/changeset/base/342230
Log:
MFS12 r342228: bootpd: validate hardware type
Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.
admbugs: 850
Reported by: Reno Robert
Reviewed by: markj
Approved by: so
Security: FreeBSD-SA-18:15.bootpd
Sponsored by: The FreeBSD Foundation
Modified:
releng/12.0/libexec/bootpd/bootpd.c
Directory Properties:
releng/12.0/ (props changed)
Modified: releng/12.0/libexec/bootpd/bootpd.c
==============================================================================
--- releng/12.0/libexec/bootpd/bootpd.c Wed Dec 19 18:19:15 2018 (r342229)
+++ releng/12.0/libexec/bootpd/bootpd.c Wed Dec 19 18:21:07 2018 (r342230)
@@ -636,6 +636,10 @@ handle_request()
char *homedir, *bootfile;
int n;
+ if (bp->bp_htype >= hwinfocnt) {
+ report(LOG_NOTICE, "bad hw addr type %u", bp->bp_htype);
+ return;
+ }
bp->bp_file[sizeof(bp->bp_file)-1] = '\0';
/* XXX - SLIP init: Set bp_ciaddr = recv_addr here? */
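Review bot: The new bounds check at the top of handle_request() has no comment saying what it protects, and the comparison against hwinfocnt is the only hint that bp_htype is later treated as an index into a table of that many entries. A one-line comment above `if (bp->bp_htype >= hwinfocnt) {` stating that bp_htype comes straight from the packet and must be validated before any per-hardware-type lookup would keep the guard from being moved or dropped in a later cleanup. Two smaller points on the same lines: the hunk covers only handle_request(), so any other function that receives the same packet and consults bp_htype needs the same guard; and report(LOG_NOTICE, ...) fires once per rejected packet on input an unauthenticated sender controls, so consider whether that can be used to flood the log.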