MFS11 r342229: bootpd: validate hardware type
Due to insufficient validation of network-provided data it may have been possible for a malicious actor to craft a bootp packet which could cause a stack buffer overflow. admbugs: 850 Reported by: Reno Robert Reviewed by: markj Approved by: so Security: FreeBSD-SA-18:15.bootpd Sponsored by: The FreeBSD Foundation
This commit is contained in:
parent
a9a2c6496c
commit
a6f0685143
|
@ -636,6 +636,10 @@ handle_request()
|
|||
char *homedir, *bootfile;
|
||||
int n;
|
||||
|
||||
if (bp->bp_htype >= hwinfocnt) {
|
||||
report(LOG_NOTICE, "bad hw addr type %u", bp->bp_htype);
|
||||
return;
|
||||
}
|
||||
bp->bp_file[sizeof(bp->bp_file)-1] = '\0';
|
||||
|
||||
/* XXX - SLIP init: Set bp_ciaddr = recv_addr here? */
|
||||
|
|
Loading…
Reference in New Issue