Overview

File 0003-dhcp4-free-lease-on-response-without-message-type-CV.patch of Package wicked.13938

From 9d619f4c93c6499fb656bcbc950c7572b7d97568 Mon Sep 17 00:00:00 2001
References: CVE-2020-7216,bsc#1160905
Upstream: yes
From: =?UTF-8?q?Rub=C3=A9n=20Torrero=20Marijnissen?=
 <rtorreromarijnissen@suse.com>
Date: Wed, 22 Jan 2020 12:19:12 +0000
Subject: [PATCH 3/3] dhcp4: free lease on response without message type
 (CVE-2020-7216,bsc#1160905)

---
 src/dhcp4/protocol.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/dhcp4/protocol.c b/src/dhcp4/protocol.c
index c8ae3d29..8eb1dc99 100644
--- a/src/dhcp4/protocol.c
+++ b/src/dhcp4/protocol.c
@@ -1909,6 +1909,12 @@ parse_more:
 		}
 	}
 
+	// We should have a msg_type by now
+	if (msg_type < 0) {
+		ni_debug_dhcp("unable to parse DHCP4 response: missing msg type");
+		goto error;
+	}
+
 	if (options->underflow) {
 		ni_debug_dhcp("unable to parse DHCP4 response: truncated packet");
 		goto error;
-- 
2.16.4
openSUSE Build Service is sponsored by
Places