Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix buffer overflow when configured lease-change script name

Browse Source 
is too long.

Thanks to Daniel Rhea for finding this one.
This commit is contained in:
Simon Kelley
2024-11-21 15:42:49 +00:00
parent b087cf4a6c
commit ae85ea3858
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -11,6 +11,10 @@ version 2.91
which is clearly rare in the wild, but if it did exist it could
provoke a SIGSEV. Thanks to Daniel Rhea for fuzzing this one.
Fix buffer overflow when configured lease-change script name
is too long.
Thanks to Daniel Rhea for finding this one.
version 2.90
Fix reversion in --rev-server introduced in 2.88 which
caused breakage if the prefix length is not exactly divisible

4
src/lease.c
View File

@@ -150,6 +150,10 @@ void lease_init(time_t now)
#ifdef HAVE_SCRIPT
if (daemon->lease_change_command)
{
/* 6 == strlen(" init") plus terminator */
if (strlen(daemon->lease_change_command) + 6 > DHCP_BUFF_SZ)
die(_("lease-change script name is too long"), NULL, EC_FILE);
strcpy(daemon->dhcp_buff, daemon->lease_change_command);
strcat(daemon->dhcp_buff, " init");
leasestream = popen(daemon->dhcp_buff, "r");