fix CVE-2021-25217

CVE-2021-25217.patch

@@ -0,0 +1,33 @@
+diff --git a/common/parse.c b/common/parse.c
+index 3329657..8772540 100644
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -3,7 +3,7 @@
+    Common parser code for dhcpd and dhclient. */
+ 
+ /*
+- * Copyright (c) 2004-2019 by Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (c) 2004-2021 by Internet Systems Consortium, Inc. ("ISC")
+  * Copyright (c) 1995-2003 by Internet Software Consortium
+  *
+  * This Source Code Form is subject to the terms of the Mozilla Public
+@@ -5613,13 +5613,14 @@ int parse_X (cfile, buf, max)
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
+-			convert_num (cfile, &buf [len], val, 16, 8);
+-			if (len++ > max) {
++			if (len >= max) {
+ 				parse_warn (cfile,
+ 					    "hexadecimal constant too long.");
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
++			convert_num (cfile, &buf [len], val, 16, 8);
++			len++;
+ 			token = peek_token (&val, (unsigned *)0, cfile);
+ 			if (token == COLON)
+ 				token = next_token (&val,
+-- 
+1.8.3.1
+

dhcp.spec

@@ -3,7 +3,7 @@
 
 Name:      dhcp
 Version:   4.4.2
-Release:   5
+Release:   6
 Summary:   Dynamic host configuration protocol software
 #Please don't change the epoch on this package
 Epoch:     12
@@ -53,6 +53,7 @@ Patch31: dhcpd-coredump-infiniband.patch
 Patch32: bugfix-dhclient-check-if-pid-was-held.patch
 Patch33: bugfix-dhcp-64-bit-lease-parse.patch
 Patch34: dhcp-remove-bind.patch
+Patch35: CVE-2021-25217.patch
 
 BuildRequires: gcc autoconf automake libtool openldap-devel krb5-devel libcap-ng-devel bind-export-devel
 BuildRequires: systemd systemd-devel
@@ -287,6 +288,12 @@ exit 0
 %{_mandir}/man3/omapi.3.gz
 
 %changelog
+* Mon May 31 2021 renmingshuai <renmingshuai@huawei.com> - 4.4.2-6
+- Type:CVE
+- ID:NA
+- SUG:restart
+- DESC:CVE-2021-25217
+
 * Sat Feb 20 2021 hanzhijun <hanzhijun1@huawei.com> - 4.4.2-5
 - Type:bugfix
 - ID:NA