MFS11 r342229: bootpd: validate hardware type

Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.

admbugs:	850
Reported by:	Reno Robert
Reviewed by:	markj
Approved by:	so
Security:	FreeBSD-SA-18:15.bootpd
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
emaste 2018-12-19 18:22:25 +00:00 committed by Franco Fichtner
parent a9a2c6496c
commit a6f0685143
1 changed files with 4 additions and 0 deletions

@ -636,6 +636,10 @@ handle_request()
char *homedir, *bootfile;
int n;
if (bp->bp_htype >= hwinfocnt) {
report(LOG_NOTICE, "bad hw addr type %u", bp->bp_htype);
return;
}
bp->bp_file[sizeof(bp->bp_file)-1] = '\0';
/* XXX - SLIP init: Set bp_ciaddr = recv_addr here? */
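
Review bot: The new `bp->bp_htype >= hwinfocnt` check at the top of handle_request() has no comment explaining why the bound matters. The commit message ties it to a stack buffer overflow from network-provided data, so a one-line comment stating that bp_htype comes straight from the packet and must be below hwinfocnt before any later use would stop a future edit from moving code above the check. The LOG_NOTICE message also records only the type value; including the sender's address would make rejected packets easier to trace in logs.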