41 lines
1.1 KiB
Diff
41 lines
1.1 KiB
Diff
From 5436cafe1d7df409a44ff5f610248db57f0677ee Mon Sep 17 00:00:00 2001
|
|
From: Hitendra Prajapati <hprajapati@mvista.com>
|
|
Date: Mon, 10 Oct 2022 09:58:04 +0530
|
|
Subject: [PATCH 2/2] CVE-2022-2929
|
|
|
|
Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/]
|
|
CVE: CVE-2022-2929
|
|
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
|
---
|
|
common/options.c | 8 ++++----
|
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/common/options.c b/common/options.c
|
|
index f0959cb..25450e1 100644
|
|
--- a/common/options.c
|
|
+++ b/common/options.c
|
|
@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options,
|
|
while (s < &bp -> data[0] + length + 2) {
|
|
len = *s;
|
|
if (len > 63) {
|
|
- log_info ("fancy bits in fqdn option");
|
|
- return 0;
|
|
+ log_info ("label length exceeds 63 in fqdn option");
|
|
+ goto bad;
|
|
}
|
|
if (len == 0) {
|
|
terminated = 1;
|
|
break;
|
|
}
|
|
if (s + len > &bp -> data [0] + length + 3) {
|
|
- log_info ("fqdn tag longer than buffer");
|
|
- return 0;
|
|
+ log_info ("fqdn label longer than buffer");
|
|
+ goto bad;
|
|
}
|
|
|
|
if (first_len == 0) {
|
|
--
|
|
2.25.1
|
|
|