diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2019-09-17 22:18:49 +0900 |
---|---|---|
committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2019-09-17 18:29:20 +0000 |
commit | 6ffe71d0e22326f8ea5775c188ae0e13573cd123 (patch) | |
tree | c9cd15e6595f7abf5ff99c10a06ab6481a9304cd | |
parent | 59a224d7282e2605f1c6e45a588119263574267f (diff) | |
download | systemd-6ffe71d0e22326f8ea5775c188ae0e13573cd123.tar.gz |
dhcp6: add missing option length check
Closes #13578.
-rw-r--r-- | src/libsystemd-network/sd-dhcp6-client.c | 7 | ||||
-rw-r--r-- | test/fuzz/fuzz-dhcp6-client/crash-13578 | bin | 0 -> 62 bytes |
2 files changed, 5 insertions, 2 deletions
diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c index 7dab776b72..5a3b0a6353 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -29,8 +29,8 @@ #define MAX_MAC_ADDR_LEN INFINIBAND_ALEN -#define IRT_DEFAULT 1 * USEC_PER_DAY -#define IRT_MINIMUM 600 * USEC_PER_SEC +#define IRT_DEFAULT (1 * USEC_PER_DAY) +#define IRT_MINIMUM (600 * USEC_PER_SEC) /* what to request from the server, addresses (IA_NA) and/or prefixes (IA_PD) */ enum { @@ -1002,6 +1002,9 @@ static int client_parse_message( break; case SD_DHCP6_OPTION_INFORMATION_REFRESH_TIME: + if (optlen != 4) + return -EINVAL; + irt = be32toh(*(be32_t *) optval) * USEC_PER_SEC; break; } diff --git a/test/fuzz/fuzz-dhcp6-client/crash-13578 b/test/fuzz/fuzz-dhcp6-client/crash-13578 Binary files differnew file mode 100644 index 0000000000..0753966ea4 --- /dev/null +++ b/test/fuzz/fuzz-dhcp6-client/crash-13578 |