dhclient: Fix the trivial buffer overruns correctly

A DHCP client identifier is simply the hardware type (one byte) concatenated with the hardware address (some variable number of bytes, but at most 16). Limit the size of the temporary buffer to match and the rest of the calculations shake out correctly. This is a follow-up to the incorrect r299512, reverted in r300172. CIDs: 1008682, 1305550 Sponsored by: EMC / Isilon Storage Division
author: cem <cem@FreeBSD.org> 2016-05-18 23:41:55 +0000
committer: cem <cem@FreeBSD.org> 2016-05-18 23:41:55 +0000
commit: 16b93d101357f716946014207ddfe9d849f97fc9 (patch)
tree: e038aed5349f822bd95b6b7549356d7ac2cb1abc /sbin
parent: 9e9e5fa3d9a209dadbb23a8dc1dfb7fe5c60f726 (diff)
download: FreeBSD-src-16b93d101357f716946014207ddfe9d849f97fc9.zip
FreeBSD-src-16b93d101357f716946014207ddfe9d849f97fc9.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 4444f29..65f0eb5 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1570,7 +1570,7 @@ make_discover(struct interface_info *ip, struct client_lease *lease)
 	}
 
 	/* set unique client identifier */
-	char client_ident[sizeof(struct hardware)];
+	char client_ident[sizeof(ip->hw_address.haddr) + 1];
 	if (!options[DHO_DHCP_CLIENT_IDENTIFIER]) {
 		int hwlen = (ip->hw_address.hlen < sizeof(client_ident)-1) ?
 				ip->hw_address.hlen : sizeof(client_ident)-1;
author	cem <cem@FreeBSD.org>	2016-05-18 23:41:55 +0000
committer	cem <cem@FreeBSD.org>	2016-05-18 23:41:55 +0000
commit	16b93d101357f716946014207ddfe9d849f97fc9 (patch)
tree	e038aed5349f822bd95b6b7549356d7ac2cb1abc /sbin
parent	9e9e5fa3d9a209dadbb23a8dc1dfb7fe5c60f726 (diff)
download	FreeBSD-src-16b93d101357f716946014207ddfe9d849f97fc9.zip FreeBSD-src-16b93d101357f716946014207ddfe9d849f97fc9.tar.gz