diff options
| author | Conrad Meyer <cem@FreeBSD.org> | 2016-05-18 23:41:55 +0000 |
|---|---|---|
| committer | Conrad Meyer <cem@FreeBSD.org> | 2016-05-18 23:41:55 +0000 |
| commit | fb0eab090e2bea45aa00defe01609cffe8af4508 (patch) | |
| tree | e038aed5349f822bd95b6b7549356d7ac2cb1abc /sbin | |
| parent | 14131c0ba4a53ac9a4b7bd4e4fc49d2d1f3a03cc (diff) | |
| download | src-fb0eab090e2bea45aa00defe01609cffe8af4508.tar.gz src-fb0eab090e2bea45aa00defe01609cffe8af4508.zip | |
dhclient: Fix the trivial buffer overruns correctly
A DHCP client identifier is simply the hardware type (one byte) concatenated
with the hardware address (some variable number of bytes, but at most 16).
Limit the size of the temporary buffer to match and the rest of the
calculations shake out correctly.
This is a follow-up to the incorrect r299512, reverted in r300172.
CIDs: 1008682, 1305550
Sponsored by: EMC / Isilon Storage Division
Notes
Notes:
svn path=/head/; revision=300174
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/dhclient/dhclient.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c index 4444f29e5d83..65f0eb588eb1 100644 --- a/sbin/dhclient/dhclient.c +++ b/sbin/dhclient/dhclient.c @@ -1570,7 +1570,7 @@ make_discover(struct interface_info *ip, struct client_lease *lease) } /* set unique client identifier */ - char client_ident[sizeof(struct hardware)]; + char client_ident[sizeof(ip->hw_address.haddr) + 1]; if (!options[DHO_DHCP_CLIENT_IDENTIFIER]) { int hwlen = (ip->hw_address.hlen < sizeof(client_ident)-1) ? ip->hw_address.hlen : sizeof(client_ident)-1; |