48 lines
1.4 KiB
Diff
48 lines
1.4 KiB
Diff
From 10c175968fbbabc20316b85b85185f946499ec40 Mon Sep 17 00:00:00 2001
|
|
From: Zhixiong Chi <zhixiong.chi@windriver.com>
|
|
Date: Mon, 13 Nov 2023 18:12:08 -0800
|
|
Subject: [PATCH] CVE-2022-2929
|
|
|
|
Description: DHCP memory leak
|
|
Origin: upstream
|
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-2929
|
|
Forwarded: not-needed
|
|
Last-Update: 2022-10-04
|
|
|
|
The upstream patch is only in diff format without a git header which I
|
|
have created here.
|
|
[Backport patch from https://sources.debian.org/src/isc-dhcp/4.4.1-2.3%252Bdeb11u2/debian/patches/CVE-2022-2929.patch]
|
|
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
|
|
---
|
|
common/options.c | 8 ++++----
|
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/common/options.c b/common/options.c
|
|
index 253cbc1..c70a8ac 100644
|
|
--- a/common/options.c
|
|
+++ b/common/options.c
|
|
@@ -449,16 +449,16 @@ int fqdn_universe_decode (struct option_state *options,
|
|
while (s < &bp -> data[0] + length + 2) {
|
|
len = *s;
|
|
if (len > 63) {
|
|
- log_info ("fancy bits in fqdn option");
|
|
- return 0;
|
|
+ log_info ("label length exceeds 63 in fqdn option");
|
|
+ goto bad;
|
|
}
|
|
if (len == 0) {
|
|
terminated = 1;
|
|
break;
|
|
}
|
|
if (s + len > &bp -> data [0] + length + 3) {
|
|
- log_info ("fqdn tag longer than buffer");
|
|
- return 0;
|
|
+ log_info ("fqdn label longer than buffer");
|
|
+ goto bad;
|
|
}
|
|
|
|
if (first_len == 0) {
|
|
--
|
|
2.42.0
|
|
|