Author: emaste
Date: Wed Dec 19 18:17:59 2018
New Revision: 342228
URL: https://svnweb.freebsd.org/changeset/base/342228
Log:
MFC r342227: bootpd: validate hardware type
Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.
admbugs: 850
Reported by: Reno Robert
Reviewed by: markj
Approved by: so
Security: FreeBSD-SA-18:15.bootpd
Sponsored by: The FreeBSD Foundation
Modified:
stable/12/libexec/bootpd/bootpd.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/libexec/bootpd/bootpd.c
==============================================================================
--- stable/12/libexec/bootpd/bootpd.c Wed Dec 19 18:16:29 2018
(r342227)
+++ stable/12/libexec/bootpd/bootpd.c Wed Dec 19 18:17:59 2018
(r342228)
@@ -636,6 +636,10 @@ handle_request()
char *homedir, *bootfile;
int n;
+ if (bp->bp_htype >= hwinfocnt) {
+ report(LOG_NOTICE, "bad hw addr type %u", bp->bp_htype);
+ return;
+ }
bp->bp_file[sizeof(bp->bp_file)-1] = '\0';
/* XXX - SLIP init: Set bp_ciaddr = recv_addr here? */
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
