File 0003-dhcp4-free-lease-on-response-without-message-type-CV.patch of Package wicked.13938
From 9d619f4c93c6499fb656bcbc950c7572b7d97568 Mon Sep 17 00:00:00 2001
References: CVE-2020-7216,bsc#1160905
Upstream: yes
From: =?UTF-8?q?Rub=C3=A9n=20Torrero=20Marijnissen?=
<rtorreromarijnissen@suse.com>
Date: Wed, 22 Jan 2020 12:19:12 +0000
Subject: [PATCH 3/3] dhcp4: free lease on response without message type
(CVE-2020-7216,bsc#1160905)
---
src/dhcp4/protocol.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/dhcp4/protocol.c b/src/dhcp4/protocol.c
index c8ae3d29..8eb1dc99 100644
--- a/src/dhcp4/protocol.c
+++ b/src/dhcp4/protocol.c
@@ -1909,6 +1909,12 @@ parse_more:
}
}
+ // We should have a msg_type by now
+ if (msg_type < 0) {
+ ni_debug_dhcp("unable to parse DHCP4 response: missing msg type");
+ goto error;
+ }
+
if (options->underflow) {
ni_debug_dhcp("unable to parse DHCP4 response: truncated packet");
goto error;
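Review bot: The comment on the added guard says only that a message type is expected, not why its absence has to leave through `error`. Going by the subject line, the point is that the lease built so far gets freed there instead of leaking when a response carries no message-type option, so the comment should say that, e.g. `/* No message-type option: leave via error so the partially built lease is released (CVE-2020-7216) */`. The guard relies on `msg_type` starting out negative and on the `error` label freeing the lease, both of which lie outside this hunk and should be confirmed. Because the new check runs before the `options->underflow` test, a truncated packet that lost its message-type option is logged as "missing msg type" rather than "truncated packet"; placing the underflow test first would keep the two diagnostics distinct.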
--
2.16.4