dnsmasq/backport-Fix-buffer-overflow-when-configured-lease-change-scr.patch
胡义臻 f4b98f2cbf Fix out-of-bounds heap read in order_qsort().
Fix buffer overflow when configured lease-change script name

(cherry picked from commit b580ae493fc991eab96d764efa6818568be9a47c)
2024-12-17 10:40:28 +08:00

From ae85ea38581e97445622d2dad79cd09775cb201a Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 21 Nov 2024 15:42:49 +0000
Subject: [PATCH] Fix buffer overflow when configured lease-change script name
is too long.
Thanks to Daniel Rhea for finding this one.
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=ae85ea38581e97445622d2dad79cd09775cb201a
Conflict:NA
---
src/lease.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lease.c b/src/lease.c
index 1a9f1c6..a944fbb 100644
--- a/src/lease.c
+++ b/src/lease.c
@@ -155,6 +155,10 @@ void lease_init(time_t now)
#ifdef HAVE_SCRIPT
if (daemon->lease_change_command)
{
+ /* 6 == strlen(" init") plus terminator */
+ if (strlen(daemon->lease_change_command) + 6 > DHCP_BUFF_SZ)
+ die(_("lease-change script name is too long"), NULL, EC_FILE);
+
strcpy(daemon->dhcp_buff, daemon->lease_change_command);
strcat(daemon->dhcp_buff, " init");
leasestream = popen(daemon->dhcp_buff, "r");
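Review bot: the literal 6 in the new check in lease_init() is tied to the " init" suffix only by the comment, so a later change to the string passed to strcat() can silently invalidate the bound. Consider deriving it from the suffix itself, for example a single named constant used by both the check and the strcat(), with sizeof on that constant supplying the 5 characters plus terminator. The boundary itself is correct as written: the strcpy() and strcat() write strlen(daemon->lease_change_command) + 6 bytes in total, and the test only lets that through when it is at most DHCP_BUFF_SZ. That holds only if daemon->dhcp_buff is allocated with at least DHCP_BUFF_SZ bytes, which is not visible in this hunk and is worth stating in the comment. Replacing the strcpy()/strcat() pair with one bounded, length-checked formatting call would also keep the check and the copy from drifting apart.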
--
2.33.0