https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255098
Bug ID: 255098
Summary: dhclient dns-label compression bug
Product: Base System
Version: 12.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: b...@freebsd.org
Reporter: p...@redbarn.org
Created attachment 224142
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=224142&action=edit
patch to fix a decompression bug long since fixed upstream
there is a bug in the dns-label decompression logic here, discovered by
auditing the code at mark andrews' behest, after reading the forescout report
which unfairly maligned freebsd has having a vulnerability in its "stack".
this code is a copy of something in libresolv, and this bug was fixed long ago
in libresolv, and in ISC DHCP, but not in the freebsd (by way of openbsd)
version. therefore, see attached patch.
0xC0 is 0b11000000. the "11" indicates a 14-bit compression pointer (offset
from the start of the message). other patterns are "01" and "10" which have
sometimes been defined but are currently reserved.
only where the pattern is "11" should the 14-bit compression pointer be used.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
