[Toybox] [Patch] dhcp client - crash fix
Ashwini Sharma
ak.ashwini1981 at gmail.com
Wed May 21 01:45:38 PDT 2014
Hi Rob, list,
dhcp client had a segfault, when DHCP message contained 'pad' option.
The parsing logic kept checking for other options beyond __pad__ option,
without
checking if it was __end__ option after that or not.
--- a/toys/pending/dhcp.c 2014-05-14 06:15:01.000000000 +0530
+++ b/toys/pending/dhcp.c 2014-05-21 14:11:22.396020084 +0530
@@ -1101,7 +1101,10 @@
}
while (*optptr != DHCP_OPTION_END) {
- while (*optptr == DHCP_OPTION_PADDING) optptr++;
+ if (*optptr == DHCP_OPTION_PADDING) {
+ optptr++;
+ continue;
+ }
if (*optptr == DHCP_OPTION_OVERLOAD) {
overloaded = optptr[2];
optptr += optptr[1] + 2;
Please apply the attched fix patch to dhcp.c
regards,
Ashwini
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.landley.net/pipermail/toybox-landley.net/attachments/20140521/c97e423b/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhcp.c.patch
Type: application/octet-stream
Size: 494 bytes
Desc: not available
URL: <http://lists.landley.net/pipermail/toybox-landley.net/attachments/20140521/c97e423b/attachment-0004.obj>
More information about the Toybox
mailing list