22 lines
858 B
Diff
22 lines
858 B
Diff
diff -up dhcp-4.1.0/client/dhclient.c.CVE-2009-0692 dhcp-4.1.0/client/dhclient.c
|
|
--- dhcp-4.1.0/client/dhclient.c.CVE-2009-0692 2008-06-11 10:17:10.000000000 -1000
|
|
+++ dhcp-4.1.0/client/dhclient.c 2009-08-05 11:32:24.000000000 -1000
|
|
@@ -3054,8 +3054,15 @@ void script_write_params (client, prefix
|
|
if (data.len > 3) {
|
|
struct iaddr netmask, subnet, broadcast;
|
|
|
|
- memcpy (netmask.iabuf, data.data, data.len);
|
|
- netmask.len = data.len;
|
|
+ /*
|
|
+ * No matter the length of the subnet-mask option,
|
|
+ * use only the first four octets. Note that
|
|
+ * subnet-mask options longer than 4 octets are not
|
|
+ * in conformance with RFC 2132, but servers with this
|
|
+ * flaw do exist.
|
|
+ */
|
|
+ memcpy(netmask.iabuf, data.data, 4);
|
|
+ netmask.len = 4;
|
|
data_string_forget (&data, MDL);
|
|
|
|
subnet = subnet_number (lease -> address, netmask);
|