From bf3c52b676b279b6358751ce46aaf98a205c7e53 Mon Sep 17 00:00:00 2001
From: Kenneth R Westerback
Date: Wed, 4 Dec 2013 16:54:29 +0000
Subject: Be more careful to ensure memcpy'd data will fit. Potential problems pointed out by matthew@.
---
 sbin/dhclient/dhclient.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index b8028bad55c..8033caa7b21 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dhclient.c,v 1.268 2013/11/20 17:22:46 deraadt Exp $ */
+/* $OpenBSD: dhclient.c,v 1.269 2013/12/04 16:54:28 krw Exp $ */
 /*
 * Copyright 2004 Henning Brauer
@@ -862,8 +862,10 @@ bind_lease(void)
 flush_routes(ifi->name, ifi->rdomain);
 memset(&mask, 0, sizeof(mask));
- memcpy(&mask.s_addr, options[DHO_SUBNET_MASK].data,
- options[DHO_SUBNET_MASK].len);
+ if (options[DHO_SUBNET_MASK].len == sizeof(mask.s_addr)) {
+ memcpy(&mask.s_addr, options[DHO_SUBNET_MASK].data,
+ sizeof(mask.s_addr));
+ }
 /*
 * Add address and default route last, so we know when the binding
@@ -874,11 +876,11 @@ bind_lease(void)
 add_classless_static_routes(ifi->rdomain, &options[DHO_CLASSLESS_STATIC_ROUTES]);
 } else {
- if (options[DHO_ROUTERS].len) {
+ if (options[DHO_ROUTERS].len >= sizeof(gateway.s_addr)) {
 memset(&gateway, 0, sizeof(gateway));
 /* XXX Only use FIRST router address for now. */
 memcpy(&gateway.s_addr, options[DHO_ROUTERS].data,
- options[DHO_ROUTERS].len);
+ sizeof(gateway.s_addr));
 add_default_route(ifi->rdomain, client->new->address, gateway);
 }
-- 
cgit v1.2.3
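Review bot: In the `-862` hunk of bind_lease(), a DHO_SUBNET_MASK option whose length is not exactly `sizeof(mask.s_addr)` now leaves `mask` at the all-zero value from the preceding memset, and nothing records that the server-supplied option was discarded. The option data arrives from the network, so a wrong length is worth surfacing: an `else` branch that reports the rejected length through the file's existing logging helper would do, or, if a zero mask is the intended fallback, a comment such as `/* Wrong-sized mask option: leave mask zeroed. */`. How `mask` is consumed lies outside the hunk, so whether an all-zero mask is acceptable there should be confirmed. The same silent skip applies to the DHO_ROUTERS check in the `-874` hunk, where a non-empty but short option now simply installs no default route.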
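Review bot: The DHO_ROUTERS guard in the `-874` hunk accepts any length of at least `sizeof(gateway.s_addr)`, so an option carrying a partial trailing address (5 or 7 bytes, say) is still used. The copy is now correctly bounded, but a length that is not a whole number of addresses suggests a malformed option; if that strictness is acceptable the condition could also require `options[DHO_ROUTERS].len % sizeof(gateway.s_addr) == 0`. A one-line comment explaining why this test is `>=` while the subnet-mask test is `==` (the option may list several routers and only the first is copied) would keep the two checks from looking inconsistent. The enclosing `if`/`else` and the rest of bind_lease() start and end outside the hunk, and the parsing done by add_classless_static_routes() is not visible here.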