author | Kenneth R Westerback <krw@cvs.openbsd.org> | 2011-11-12 15:39:53 +0000 |
---|---|---|
committer | Kenneth R Westerback <krw@cvs.openbsd.org> | 2011-11-12 15:39:53 +0000 |
commit | 22b317d4814ec2f7b8b91ae1b397d3b87b000861 (patch) | |
tree | 39f81c8591cfd5c507f13aa8282ea4befaec7779 /usr.sbin | |
parent | 2c31ff6710cd83840eeb1e75cab699a925305358 (diff) |
Zero option processing stack storage to prevent stack garbage that
happens to look like options from being processed as options when
truncated packets are received.
Potential problem pointed out by mikeb@, from a couple of NIST
reports (CVE-2011-2748 and CVE-2011-2749).
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/dhcpd/dispatch.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/dhcpd/dispatch.c b/usr.sbin/dhcpd/dispatch.c index f4f25781933..be9ee3a78a5 100644 --- a/usr.sbin/dhcpd/dispatch.c +++ b/usr.sbin/dhcpd/dispatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.c,v 1.28 2010/11/19 08:00:56 ajacoutot Exp $ */ +/* $OpenBSD: dispatch.c,v 1.29 2011/11/12 15:39:52 krw Exp $ */ /* * Copyright (c) 1995, 1996, 1997, 1998, 1999 @@ -391,6 +391,8 @@ got_one(struct protocol *l) } u; struct interface_info *ip = l->local; + bzero(&u, sizeof(u)); + if ((result = receive_packet(ip, u.packbuf, sizeof u, &from, &hfrom)) == -1) { warning("receive_packet failed on %s: %s", ip->name, |
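Review bot: In the got_one() hunk, the added bzero(&u, sizeof(u)) carries no comment explaining why the buffer is cleared before receive_packet(), so a later cleanup could remove it as redundant initialization. A one-line comment saying that it keeps stale stack bytes from being parsed as options when a packet is truncated would protect it. The new line also writes sizeof(u) while the receive_packet() call directly below writes sizeof u; use one form in both places. Zeroing only makes the bytes past the received data harmless, so it is worth confirming that option parsing further down is bounded by the length returned in result rather than by the size of u.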