Module Name:src
Committed By: martin
Date: Wed May 1 09:25:16 UTC 2019
Modified Files:
src/external/bsd/dhcpcd/dist [netbsd-7-1]: auth.c dhcp.c dhcpcd.h
Log Message:
Apply patch, requested by roy in ticket #1690:
external/bsd/dhcpcd/dist/configure
external/bsd/dhcpcd/dist/src/auth.c
external/bsd/dhcpcd/dist/src/dhcp.c
external/bsd/dhcpcd/dist/src/dhcp6.c
external/bsd/dhcpcd/dist/compat/consttime_memequal.h
Security fixes for dhcpcd:
Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED.
Use consttime_memequal(3) to compare hashes.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.2.2 -r1.1.1.4.2.2.6.1 \
src/external/bsd/dhcpcd/dist/auth.c
cvs rdiff -u -r1.15.2.2 -r1.15.2.2.6.1 src/external/bsd/dhcpcd/dist/dhcp.c
cvs rdiff -u -r1.1.1.19.2.2 -r1.1.1.19.2.2.6.1 \
src/external/bsd/dhcpcd/dist/dhcpcd.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/dhcpcd/dist/auth.c
diff -u src/external/bsd/dhcpcd/dist/auth.c:1.1.1.4.2.2 src/external/bsd/dhcpcd/dist/auth.c:1.1.1.4.2.2.6.1
--- src/external/bsd/dhcpcd/dist/auth.c:1.1.1.4.2.2 Thu Feb 5 15:13:12 2015
+++ src/external/bsd/dhcpcd/dist/auth.c Wed May 1 09:25:16 2019
@@ -1,5 +1,5 @@
#include
- __RCSID("$NetBSD: auth.c,v 1.1.1.4.2.2 2015/02/05 15:13:12 martin Exp $");
+ __RCSID("$NetBSD: auth.c,v 1.1.1.4.2.2.6.1 2019/05/01 09:25:16 martin Exp $");
/*
* dhcpcd - DHCP client daemon
@@ -340,7 +340,7 @@ gottoken:
}
free(mm);
- if (memcmp(d, , dlen)) {
+ if (!consttime_memequal(d, , dlen)) {
errno = EPERM;
return NULL;
}
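Review bot: The `consttime_memequal` call carries no comment explaining why a constant-time comparison is needed, so a later cleanup could quietly turn it back into `memcmp`. I would add `/* Compare digests in constant time so the result does not reveal how many leading bytes matched. */` directly above the `if`. The `!` correctly handles the inverted return convention, since `consttime_memequal` returns non-zero on equality. The hunk does not show where `dlen` is checked against the size of the computed digest, which is worth confirming because the comparison trusts it. The enclosing function begins and ends outside the hunk.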
Index: src/external/bsd/dhcpcd/dist/dhcp.c
diff -u src/external/bsd/dhcpcd/dist/dhcp.c:1.15.2.2 src/external/bsd/dhcpcd/dist/dhcp.c:1.15.2.2.6.1
--- src/external/bsd/dhcpcd/dist/dhcp.c:1.15.2.2 Thu Feb 5 15:13:12 2015
+++ src/external/bsd/dhcpcd/dist/dhcp.c Wed May 1 09:25:16 2019
@@ -1,5 +1,5 @@
#include
- __RCSID("$NetBSD: dhcp.c,v 1.15.2.2 2015/02/05 15:13:12 martin Exp $");
+ __RCSID("$NetBSD: dhcp.c,v 1.15.2.2.6.1 2019/05/01 09:25:16 martin Exp $");
/*
* dhcpcd - DHCP client daemon
@@ -166,28 +166,6 @@ get_option(struct dhcpcd_ctx *ctx,
while (p < e) {
o = *p++;
- if (o == opt) {
- if (op) {
-if (!ctx->opt_buffer) {
- ctx->opt_buffer =
- malloc(DHCP_OPTION_LEN +
- BOOTFILE_LEN + SERVERNAME_LEN);
- if (ctx->opt_buffer == NULL)
- return NULL;
-}
-if (!bp)
- bp = ctx->opt_buffer;
-memcpy(bp, op, ol);
-bp += ol;
- }
- ol = *p;
- if (p + ol > e) {
-errno = EINVAL;
-return NULL;
- }
- op = p + 1;
- bl += ol;
- }
switch (o) {
case DHO_PAD:
continue;
@@ -205,16 +183,58 @@ get_option(struct dhcpcd_ctx *ctx,
} else
goto exit;
break;
- case DHO_OPTIONSOVERLOADED:
+ }
+
+ /* Check we can read the length */
+ if (p == e) {
+ errno = EINVAL;
+ return NULL;
+ }
+ l = *p++;
+
+ /* Check we can read the option data, if present */
+ if (p + l > e) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ if (o == DHO_OPTIONSOVERLOADED) {
/* Ensure we only get this option once by setting
* the last bit as well as the value.
* This is valid because only the first two bits
* actually mean anything in RFC2132 Section 9.3 */
- if (!overl)
-overl = 0x80 | p[1];
- break;
+ if (l == 1 && !overl)
+overl = 0x80 | p[0];
+ }
+
+ if (o == opt) {
+ if (op) {
+/* We must concatonate the options. */
+if (bl + l > ctx->opt_buffer_len) {
+ size_t pos;
+ uint8_t *nb;
+
+ if (bp)
+ pos = (size_t)
+ (bp - ctx->opt_buffer);
+ else
+ pos = 0;
+ nb = realloc(ctx->opt_buffer, bl + l);
+ if (nb == NULL)
+ return NULL;
+ ctx->opt_buffer = nb;
+ ctx->opt_buffer_len = bl + l;
+ bp = ctx->opt_buffer + pos;
+}
+if (bp == NULL)
+ bp = ctx->opt_buffer;
+memcpy(bp, op, ol);
+bp += ol;
+ }
+ ol = l;
+ op = p;
+ bl += ol;
}
- l = *p++;
p += l;
}
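Review bot: The new data-length check `if (p + l > e)` forms the pointer `p + l` before comparing it, and for a malformed option that pointer can lie more than one element past the end of the message, which is undefined behaviour in C. The loop condition and the preceding `p == e` test already guarantee `p <= e` here, so the check can compare lengths instead: `if (l > (size_t)(e - p)) {` (adjust the cast to whatever type `l` has; its declaration is outside the hunk). Separately, the comment in the concatenation branch should read `/* We must concatenate the options. */`. `get_option` starts and ends outside the hunk, so the final copy of the last fragment into `opt_buffer` could not be checked against the new `opt_buffer_len` sizing.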
Index: src/external/bsd/dhcpcd/dist/dhcpcd.h
diff -u src/external/bsd/dhcpcd/dist/dhcpcd.h:1.1.1.19.2.2 src/external/bsd/dhcpcd/dist/dhcpcd.h:1.1.1.19.2.2.6.1
--- src/external/bsd/dhcpcd/dist/dhcpcd.h:1.1.1.19.2.2 Thu Feb 5 15:13:12 2015
+++ src/external/bsd/dhcpcd/dist/dhcpcd.h Wed May 1 09:25:16 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: dhcpcd.h,v 1.1.1.19.2.2 2015/02/05 15:13:12 martin Exp $ */
+/* $NetBSD: dhcpcd.h,v 1.1.1.19.2.2.6.1 2019/05/01 09:25:16 martin Exp $ */
/*
* dhcpcd - DHCP client daemon
@@ -131,6 +131,7 @@ struct dhcpcd_ctx {
* We ONLY use this when options are split, which for most purposes is
* practically never. See RFC3396 for details. */
uint8_t *opt_buffer;
+ size_t opt_buffer_len;
#endif
#ifdef INET6
unsigned char secret[SECRET_LEN];
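Review bot: The new `opt_buffer_len` field is undocumented, and the existing comment above it describes only `opt_buffer`. I would add `/* Allocated size of opt_buffer in bytes; must be 0 whenever opt_buffer is NULL. */`, since the growth check in `get_option` (`bl + l > ctx->opt_buffer_len`) relies on the two staying in step. The visible lines do not show how the context is initialised or where `opt_buffer` is freed. Confirm that the structure is zero-initialised and that any path freeing `opt_buffer` also resets `opt_buffer_len`, otherwise a stale length would skip the `realloc` and let the `memcpy` write through a freed or NULL pointer.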