diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2016-01-13 13:41:43 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2016-01-13 13:41:43 +0000 |
| commit | bba00739f9d339e931831dc564fe126608c1934f (patch) | |
| tree | bb41bf0a54e68409a4b64df3c43e1517e0c8381f /usr.sbin | |
| parent | a4311b47e4e2a84eeab23badfb7b782dbe38006b (diff) | |
"Check UDP length for short as well as long values" - apply the fix from
usr.sbin/dhcpd/packet.c r1.4 to dhcrelay. ok deraadt@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/dhcrelay/packet.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/dhcrelay/packet.c b/usr.sbin/dhcrelay/packet.c index 42f45af58f5..6352f0cf5a9 100644 --- a/usr.sbin/dhcrelay/packet.c +++ b/usr.sbin/dhcrelay/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.5 2014/10/25 03:23:49 lteo Exp $ */ +/* $OpenBSD: packet.c,v 1.6 2016/01/13 13:41:42 sthen Exp $ */ /* Packet assembly code, originally contributed by Archie Cobbs. */ @@ -223,7 +223,7 @@ decode_udp_ip_header(struct interface_info *interface, unsigned char *buf, data = buf + bufix + ip_len + sizeof(*udp); len = ntohs(udp->uh_ulen) - sizeof(*udp); udp_packets_length_checked++; - if (len + data > buf + bufix + buflen) { + if ((len < 0) || (len + data > buf + bufix + buflen)) { udp_packets_length_overflow++; if (udp_packets_length_checked > 4 && udp_packets_length_overflow != 0 && |