Blame SOURCES/freeradius-FR-GV-304-check-for-option-overflowing-the-packet.patch

From 4929ae5d13a2750f83cd1a7fd0191b8fca4d32d0 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Mon, 3 Jul 2017 15:42:35 -0400
Subject: [PATCH] FR-GV-304 - check for option overflowing the packet
---
 src/modules/proto_dhcp/dhcp.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/src/modules/proto_dhcp/dhcp.c b/src/modules/proto_dhcp/dhcp.c
653d32
index dbfe81747..5fd922d03 100644
653d32
--- a/src/modules/proto_dhcp/dhcp.c
653d32
+++ b/src/modules/proto_dhcp/dhcp.c
653d32
@@ -629,6 +629,24 @@ static int fr_dhcp_decode_suboption(TALLOC_CTX *ctx, VALUE_PAIR **tlv, uint8_t c
653d32
 		uint32_t	attr;
653d32
 
653d32
 		/*
653d32
+		 *	Not enough room for the option header, it's a
653d32
+		 *	bad packet.
653d32
+		 */
653d32
+		if ((p + 2) > (data + len)) {
653d32
+			fr_pair_list_free(&head;;
653d32
+			return -1;
653d32
+		}
653d32
+
653d32
+		/*
653d32
+		 *	Not enough room for the option header + data,
653d32
+		 *	it's a bad packet.
653d32
+		 */
653d32
+		if ((p + 2 + p[1]) > (data + len)) {
653d32
+			fr_pair_list_free(&head;;
653d32
+			return -1;
653d32
+		}
653d32
+
653d32
+		/*
653d32
 		 *	The initial OID string looks like:
653d32
 		 *	<iana>.0
653d32
 		 *
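Review bot: Both new bounds checks, `if ((p + 2) > (data + len))` and `if ((p + 2 + p[1]) > (data + len))`, build a pointer that can lie more than one element past the end of the packet buffer before comparing it, which is undefined behaviour in C, so an optimising compiler is not obliged to keep the test. Comparing the remaining byte count avoids that: `size_t left = (size_t)((data + len) - p);` followed by `if (left < 2) { ... }` and `if ((size_t)p[1] > left - 2) { ... }`. This presumes `p` never exceeds `data + len` on entry to the loop body, which the loop condition should guarantee but which is not visible here, since fr_dhcp_decode_suboption starts and ends outside the hunk. Separately, the two `fr_pair_list_free(&head;;` lines look like an HTML-entity rendering artefact of `&head);` on this page and would not compile as displayed, so the patch should be applied from the original file rather than copied from this view.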
-- 
2.13.2