Overview

File 0005-dhcp4-discard-lease-on-client-id-mismatch-CVE-2020-7.patch of Package wicked.14026

From 1ebab42a37e702b96d2c71f8ca5c4a427b000801 Mon Sep 17 00:00:00 2001
References: CVE-2020-7217,bsc#1160906
Upstream: yes
From: =?UTF-8?q?Rub=C3=A9n=20Torrero=20Marijnissen?=
 <rtorreromarijnissen@suse.com>
Date: Fri, 31 Jan 2020 10:55:24 +0000
Subject: [PATCH 2/2] dhcp4: discard lease on client-id mismatch
 (CVE-2020-7217,bsc#1160906)

---
 src/dhcp4/fsm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/dhcp4/fsm.c b/src/dhcp4/fsm.c
index 89c9148f..dcd19103 100644
--- a/src/dhcp4/fsm.c
+++ b/src/dhcp4/fsm.c
@@ -153,6 +153,7 @@ ni_dhcp4_fsm_process_dhcp4_packet(ni_dhcp4_device_t *dev, ni_buffer_t *msgbuf, n
 		 */
 		ni_debug_dhcp("%s: ignoring packet with not matching client-id%s%s",
 				dev->ifname, sender ? " sender " : "", sender ? sender : "");
+		ni_addrconf_lease_free(lease);
 		return -1;
 	}
 
-- 
2.16.4
openSUSE Build Service is sponsored by
Places