[Toybox] [Patch] dhcp client - crash fix

Ashwini Sharma ak.ashwini1981 at gmail.com
Wed May 21 01:45:38 PDT 2014


Hi Rob, list,

The dhcp client had a segfault when a DHCP message contained the 'pad' option.

The parsing logic kept checking for other options beyond the __pad__ option, without checking whether it was followed by the __end__ option or not.

--- a/toys/pending/dhcp.c 2014-05-14 06:15:01.000000000 +0530
+++ b/toys/pending/dhcp.c 2014-05-21 14:11:22.396020084 +0530
@@ -1101,7 +1101,10 @@
   }

   while (*optptr != DHCP_OPTION_END) {
-    while (*optptr == DHCP_OPTION_PADDING) optptr++;
+    if (*optptr == DHCP_OPTION_PADDING) {
+      optptr++;
+      continue;
+    }
     if (*optptr == DHCP_OPTION_OVERLOAD) {
       overloaded = optptr[2];
       optptr += optptr[1] + 2;
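
Review bot: the loop condition `while (*optptr != DHCP_OPTION_END)` is still the only thing that stops the walk, and nothing in the visible lines bounds optptr against the end of the received options, so a message that ends in padding or simply omits the END option will still be read past its buffer. Re-testing for END after each pad byte fixes the pad-then-end case, but I would also carry a pointer to the end of the options area into this loop and stop when optptr reaches it. The same applies to the DHCP_OPTION_OVERLOAD branch in the trailing context: it reads optptr[2] and advances by optptr[1] + 2 without checking that the length byte is at least 1 or that optptr + 2 + optptr[1] stays inside the buffer. A short comment above the pad check noting that pad is a single byte with no length field would also explain why it is handled separately from the other options.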

Please apply the attached fix patch to dhcp.c

regards,
Ashwini