diff options
author | H. Peter Anvin <hpa@zytor.com> | 2007-06-07 21:45:33 -0700 |
---|---|---|
committer | H. Peter Anvin <hpa@zytor.com> | 2007-06-07 21:45:33 -0700 |
commit | 8fda60c4d991d49955c3815145ccf2c3c1405d59 (patch) | |
tree | 7cb21724ce80ee3983fe9969927945b412c7f6aa /pxelinux.asm | |
parent | c3ff1927d97099b8e30377a0ee063e716416a751 (diff) | |
download | syslinux-8fda60c4d991d49955c3815145ccf2c3c1405d59.tar.gz |
Sanitize handling of client identifier option
The first byte of the client identifier is the identifier type.
Look at that one first and only copy if it matches the hardware ARP type.
Diffstat (limited to 'pxelinux.asm')
-rw-r--r-- | pxelinux.asm | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pxelinux.asm b/pxelinux.asm index b9c541e7..02674d60 100644 --- a/pxelinux.asm +++ b/pxelinux.asm @@ -2196,8 +2196,16 @@ dopt_%2: dopt 61, client_identifier cmp ax,MAC_MAX ; Too long? ja .skip + cmp ax,2 ; Too short? + jb .skip cmp [MACLen],ah ; Only do this if MACLen == 0 jne .skip + push ax + lodsb ; Client identifier type + cmp al,[MACType] + pop ax + jne .skip ; Client identifier is not a MAC + dec ax mov [MACLen],al mov di,MAC jmp dhcp_copyoption |