ddbf02ae19016710a31fca4b2bc26f08a6fe191f |
|
05-Jan-2016 |
Samuel Tan <samueltan@google.com> |
[PATCH] UPSTREAM: Fix heap-based overflow in dhcp_envoption1 dhcp_optlen now returns the length of the data we can sanely work on given the option definition and data length. Call dhcp_optlen in dhcp_envoption1 to take into ensure these bounds are not overstepped. Fixes an issue reported by Nico Golde where extra undersized data was present in the option. An example of this would be an array of uint16's with a trailing byte. http://roy.marples.name/projects/dhcpcd/ci/76a1609352263bd9?sbs=0 BUG: 26402253 Change-Id: Ic3c73277bb1cc09be08b3fbceecb97e2effd05ff
/external/dhcpcd-6.8.2/dhcp-common.h
|