Module Name: src
Committed By: roy
Date: Wed May 6 23:56:49 UTC 2009
Modified Files:
src/sys/lib/libsa: bootp.c
Log Message:
We should check for potential overflows.
ok: martin
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/lib/libsa/bootp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/lib/libsa/bootp.c
diff -u src/sys/lib/libsa/bootp.c:1.34 src/sys/lib/libsa/bootp.c:1.35
--- src/sys/lib/libsa/bootp.c:1.34 Sat Jan 17 14:00:36 2009
+++ src/sys/lib/libsa/bootp.c Wed May 6 23:56:49 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: bootp.c,v 1.34 2009/01/17 14:00:36 tsutsui Exp $ */
+/* $NetBSD: bootp.c,v 1.35 2009/05/06 23:56:49 roy Exp $ */
/*
* Copyright (c) 1992 Regents of the University of California.
@@ -372,21 +372,21 @@
if (tag == TAG_END)
break;
- if (tag == TAG_SUBNET_MASK) {
+ if (tag == TAG_SUBNET_MASK && size >= sizeof(smask)) {
(void)memcpy(&smask, cp, sizeof(smask));
}
- if (tag == TAG_GATEWAY) {
+ if (tag == TAG_GATEWAY && size >= sizeof(gateip.s_addr)) {
(void)memcpy(&gateip.s_addr, cp, sizeof(gateip.s_addr));
}
- if (tag == TAG_SWAPSERVER) {
+ if (tag == TAG_SWAPSERVER && size >= sizeof(rootip.s_addr)) {
/* let it override bp_siaddr */
(void)memcpy(&rootip.s_addr, cp, sizeof(rootip.s_addr));
}
- if (tag == TAG_ROOTPATH) {
+ if (tag == TAG_ROOTPATH && size < sizeof(rootpath)) {
strncpy(rootpath, (char *)cp, sizeof(rootpath));
rootpath[size] = '\0';
}
- if (tag == TAG_HOSTNAME) {
+ if (tag == TAG_HOSTNAME && size < sizeof(hostname)) {
strncpy(hostname, (char *)cp, sizeof(hostname));
hostname[size] = '\0';
}
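Review bot: The `strncpy` under TAG_ROOTPATH is still bounded by `sizeof(rootpath)` rather than by `size`, so although the new `size < sizeof(rootpath)` guard stops the out-of-bounds write at `rootpath[size]`, the copy can keep reading from `cp` past the end of the option, and possibly past the received packet, until it meets a NUL byte or fills the buffer. Option contents come from whichever BOOTP/DHCP server answers and need not be NUL-terminated, so the copy length should be the option length: `(void)memcpy(rootpath, cp, size);` followed by the existing `rootpath[size] = '\0';`. The same applies to TAG_HOSTNAME in this hunk and to TAG_LINUX_CMDLINE in the following hunk. The enclosing function begins and ends outside this hunk.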
@@ -396,13 +396,15 @@
return -1;
dhcp_ok = 1;
}
- if (tag == TAG_SERVERID) {
+ if (tag == TAG_SERVERID &&
+ size >= sizeof(dhcp_serverip.s_addr))
+ {
(void)memcpy(&dhcp_serverip.s_addr, cp,
sizeof(dhcp_serverip.s_addr));
}
#endif
#ifdef SUPPORT_LINUX
- if (tag == TAG_LINUX_CMDLINE) {
+ if (tag == TAG_LINUX_CMDLINE && size < sizeof(linuxcmdline)) {
strncpy(linuxcmdline, (char *)cp, sizeof(linuxcmdline));
linuxcmdline[size] = '\0';
}
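Review bot: The `size >= sizeof(dhcp_serverip.s_addr)` guard compares the declared option length with the destination only; nothing visible in this hunk shows `size` being checked against the bytes actually left in the received packet, so a truncated reply whose last option claims four or more bytes could still make this `memcpy` read beyond the data. If the loop outside the hunk does not already do so, a single check placed before the tag tests that stops parsing when `size` exceeds the remaining length would cover every tag at once. At minimum a comment such as `/* size is the sender's claimed length; not verified against the packet end here */` would record the assumption. The parsing loop starts and ends outside the hunk.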