aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGordon Tetlow <gordon@FreeBSD.org>2020-09-02 16:25:31 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2020-09-02 16:25:31 +0000
commitb2ed812dbd2e0872806aed91ec528ed46271c5ca (patch)
tree2a7dbd7fa356d970f551628848147f5865a4cd18
parentf6ce56c68ca2daa2bafb2752e4704188bfcf9e3c (diff)
downloadsrc-b2ed812dbd2e0872806aed91ec528ed46271c5ca.tar.gz
src-b2ed812dbd2e0872806aed91ec528ed46271c5ca.zip
Fix dhclient heap overflow.
Approved by: so Security: FreeBSD-SA-20:26.dhclient Security: CVE-2020-7461
Notes
Notes: svn path=/releng/12.1/; revision=365257
-rw-r--r--sbin/dhclient/options.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sbin/dhclient/options.c b/sbin/dhclient/options.c
index dc4cceab8418..afdb3985aa59 100644
--- a/sbin/dhclient/options.c
+++ b/sbin/dhclient/options.c
@@ -298,6 +298,8 @@ find_search_domain_name_len(struct option_data *option, size_t *offset)
pointed_len = find_search_domain_name_len(option,
&pointer);
+ if (pointed_len < 0)
+ return (-1);
domain_name_len += pointed_len;
*offset = i + 2;