diff options
-rw-r--r-- | RELNOTES | 5 | ||||
-rw-r--r-- | common/options.c | 8 |
2 files changed, 9 insertions, 4 deletions
@@ -36,6 +36,11 @@ by Eric Young (eay@cryptsoft.com). [Gitblab #253] CVE: CVS-2022-2928 +! Corrected a memory leak that occurs when unpacking a packet that has an + FQDN option (81) that contains a label whose lenght is greater than 63. + [Gitblab #254] + CVE: CVS-2022-2929 + Changes since 4.4.2-P1 (New Features) - Two new OMAPI function calls were added, `dhcpctl_timed_connect()` diff --git a/common/options.c b/common/options.c index f0959cb2..25450e1d 100644 --- a/common/options.c +++ b/common/options.c @@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options, while (s < &bp -> data[0] + length + 2) { len = *s; if (len > 63) { - log_info ("fancy bits in fqdn option"); - return 0; + log_info ("label length exceeds 63 in fqdn option"); + goto bad; } if (len == 0) { terminated = 1; break; } if (s + len > &bp -> data [0] + length + 3) { - log_info ("fqdn tag longer than buffer"); - return 0; + log_info ("fqdn label longer than buffer"); + goto bad; } if (first_len == 0) { |