aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGordon Tetlow <gordon@FreeBSD.org>2020-09-02 16:25:31 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2020-09-02 16:25:31 +0000
commit0a2ea0ffce0529bd52ee64737026db99680a4ede (patch)
treea271da08c84c643b8339680a7ded658df53b3e0e
parentca789358b9ffc57ad56f7f0b0a50746f45581d4d (diff)
downloadsrc-0a2ea0ffce0529bd52ee64737026db99680a4ede.tar.gz
src-0a2ea0ffce0529bd52ee64737026db99680a4ede.zip
Fix dhclient heap overflow.
Approved by: so Security: FreeBSD-SA-20:26.dhclient Security: CVE-2020-7461
Notes
Notes: svn path=/releng/11.4/; revision=365257
-rw-r--r--sbin/dhclient/options.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sbin/dhclient/options.c b/sbin/dhclient/options.c
index 5fe2b5bd2a5b..30a6631603c9 100644
--- a/sbin/dhclient/options.c
+++ b/sbin/dhclient/options.c
@@ -296,6 +296,8 @@ find_search_domain_name_len(struct option_data *option, size_t *offset)
pointed_len = find_search_domain_name_len(option,
&pointer);
+ if (pointed_len < 0)
+ return (-1);
domain_name_len += pointed_len;
*offset = i + 2;