mirror of https://gitlab.isc.org/isc-projects/dhcp synced 2025-08-31 06:15:55 +00:00

When attempting to convert a DUID from a client id option
into a hardware address, handle unexpected client ids properly.
Thanks to Markus Hietava of Codenomicon CROSS project for
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29852]
CVE: CVE-2012-3570
Shawn Routhier
2012-06-27 21:33:25 +00:00
parent de87ffe336
commit e563ec2e58
3 changed files with 16 additions and 3 deletions


@@ -6037,7 +6037,7 @@ find_hosts_by_duid_chaddr(struct host_decl **host,
break;
}
if (hlen == 0)
if ((hlen == 0) || (hlen > HARDWARE_ADDR_LEN))
return 0;
/*
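Review bot: The new upper bound in `if ((hlen == 0) || (hlen > HARDWARE_ADDR_LEN))` is only as good as the size of the buffer the address is copied into afterwards, and that buffer is not visible in this hunk. Please confirm the destination holds at least HARDWARE_ADDR_LEN bytes beyond any leading type byte; if it is smaller, the comparison should be against the space actually remaining. Since `hlen` is derived from a client-supplied client id, a one-line comment above the check saying so would help keep a later refactor from dropping it. The oversized case also returns 0 on the same path as the empty case, so a malformed client id is indistinguishable from "no host found" to the caller; a debug-level log on the `hlen > HARDWARE_ADDR_LEN` branch would make such packets visible to operators.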