From f325ee36ccfb1ab4c0b68b8d17277460dcb9d3ea Mon Sep 17 00:00:00 2001
From: Young Xiao <92siuyang@gmail.com>
Date: Tue, 21 May 2019 21:13:26 +0800
Subject: [PATCH] dhclient: Fix the trivial buffer overruns

A DHCP client identifier is simply the hardware type (one byte) concatenated with the hardware address (some variable number of bytes, but at most 16). Limit the size of the temporary buffer to match and the rest of the calculations shake out correctly.

Signed-off-by: Young Xiao <92siuyang@gmail.com>
---
 sbin/dhclient/dhclient.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 1d013ed..6411619 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1782,7 +1782,7 @@ make_request(struct interface_info *ip, struct client_lease * lease)
 }
 /* set unique client identifier */
- char client_ident[sizeof(struct hardware)];
+ char client_ident[sizeof(ip->hw_address.haddr) + 1];
 if (!options[DHO_DHCP_CLIENT_IDENTIFIER]) {
 int hwlen = (ip->hw_address.hlen < sizeof(client_ident)-1) ? ip->hw_address.hlen : sizeof(client_ident)-1;
-- 
2.7.4
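Review bot: The clamp on `hwlen` is still written against the destination, `sizeof(client_ident)-1`, so it matches the size of `haddr` only because of how the new declaration happens to be spelled; the bound that matters for the copy that presumably follows is the source array. Clamping to `sizeof(ip->hw_address.haddr)` directly would keep the two from drifting apart if either declaration changes again. A short comment on the declaration, such as `/* htype byte + up to sizeof(haddr) address bytes */`, would record why the `+ 1` is there. `hwlen` is an `int` compared against a `size_t`, which is only harmless while `hlen` is a small unsigned field, and that type is not visible here. make_request continues outside the hunk, so the copy itself and the option length that is set from `hwlen` could not be checked.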