1*4882a593SmuzhiyunFrom 5436cafe1d7df409a44ff5f610248db57f0677ee Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: Hitendra Prajapati <hprajapati@mvista.com>
3*4882a593SmuzhiyunDate: Mon, 10 Oct 2022 09:58:04 +0530
4*4882a593SmuzhiyunSubject: [PATCH 2/2] CVE-2022-2929
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunUpstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/]
7*4882a593SmuzhiyunCVE: CVE-2022-2929
8*4882a593SmuzhiyunSigned-off-by: Hitendra Prajapati <hprajapati@mvista.com>
9*4882a593Smuzhiyun---
10*4882a593Smuzhiyun common/options.c | 8 ++++----
11*4882a593Smuzhiyun 1 file changed, 4 insertions(+), 4 deletions(-)
12*4882a593Smuzhiyun
13*4882a593Smuzhiyundiff --git a/common/options.c b/common/options.c
14*4882a593Smuzhiyunindex f0959cb..25450e1 100644
15*4882a593Smuzhiyun--- a/common/options.c
16*4882a593Smuzhiyun+++ b/common/options.c
17*4882a593Smuzhiyun@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options,
18*4882a593Smuzhiyun while (s < &bp -> data[0] + length + 2) {
19*4882a593Smuzhiyun len = *s;
20*4882a593Smuzhiyun if (len > 63) {
21*4882a593Smuzhiyun- log_info ("fancy bits in fqdn option");
22*4882a593Smuzhiyun- return 0;
23*4882a593Smuzhiyun+ log_info ("label length exceeds 63 in fqdn option");
24*4882a593Smuzhiyun+ goto bad;
25*4882a593Smuzhiyun }
26*4882a593Smuzhiyun if (len == 0) {
27*4882a593Smuzhiyun terminated = 1;
28*4882a593Smuzhiyun break;
29*4882a593Smuzhiyun }
30*4882a593Smuzhiyun if (s + len > &bp -> data [0] + length + 3) {
31*4882a593Smuzhiyun- log_info ("fqdn tag longer than buffer");
32*4882a593Smuzhiyun- return 0;
33*4882a593Smuzhiyun+ log_info ("fqdn label longer than buffer");
34*4882a593Smuzhiyun+ goto bad;
35*4882a593Smuzhiyun }
36*4882a593Smuzhiyun
37*4882a593Smuzhiyun if (first_len == 0) {
38*4882a593Smuzhiyun--
39*4882a593Smuzhiyun2.25.1
40*4882a593Smuzhiyun
41
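Review bot: The two new `goto bad;` exits in the label loop carry no comment saying why a direct `return 0;` is wrong here, and the `bad:` label lies outside the hunk, so the cleanup it performs cannot be confirmed from these lines. Presumably it releases the buffer behind `bp`, which the old early returns skipped. A comment above the `len > 63` check such as `/* Malformed label: exit via bad so bp is released; do not return directly. */` would keep a later edit from reintroducing the leak. The `+ 2` in the loop bound and the `+ 3` in the length check differ by one with no explanation visible here, so a one-line comment on what each offset accounts for would help a reader audit the bounds. fqdn_universe_decode starts and ends outside the hunk, so any other direct return after `bp` is allocated should be checked the same way.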