projects / project / odhcp6c.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b0d1c58)
Check for unsupported PD exclusion configuration in dhcpv6_parse_ia
authorBen Hutchings <ben@decadent.org.uk>
Thu, 28 Jan 2016 01:28:32 +0000 (01:28 +0000)
committerBen Hutchings <ben@decadent.org.uk>
Thu, 28 Jan 2016 13:33:46 +0000 (13:33 +0000)
We currently only support PD exclusions that only affect bits 64-95 of
the address, so we require:

    32 <= PD prefix length < exclusion prefix length <= 64

The first inequality was not validated, and this could result in a
buffer overflow when generating the next request message.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
src/dhcpv6.c patch | blob | history

diff --git a/src/dhcpv6.c b/src/dhcpv6.c
index c2a3e3d630a6fb42e0db54696cef2b3b9417cde7..2d8124f288171f966e777720254c401d7d3b14ce 100644 (file)
--- a/src/dhcpv6.c
+++ b/src/dhcpv6.c
@@ -1185,7 +1185,7 @@ static int dhcpv6_parse_ia(void *opt, void *end)
                                if (elen > 64)
                                        elen = 64;
 
-                               if (elen <= 32 || elen <= entry.length) {
+                               if (entry.length < 32 || elen <= entry.length) {
                                        ok = false;
                                        continue;
                                }
Openwrt DHCPv6 Client