From 3ccb89bbf7d294f88e356e802d00afc16299f6c6 Mon Sep 17 00:00:00 2001 From: gordon Date: Wed, 2 Sep 2020 16:25:31 +0000 Subject: [PATCH] Fix dhclient heap overflow. Approved by: so Security: FreeBSD-SA-20:26.dhclient Security: CVE-2020-7461 --- sbin/dhclient/options.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sbin/dhclient/options.c b/sbin/dhclient/options.c index dc4cceab841..afdb3985aa5 100644 --- a/sbin/dhclient/options.c +++ b/sbin/dhclient/options.c @@ -298,6 +298,8 @@ find_search_domain_name_len(struct option_data *option, size_t *offset) pointed_len = find_search_domain_name_len(option, &pointer); + if (pointed_len < 0) + return (-1); domain_name_len += pointed_len; *offset = i + 2;