RELNOTES
Added a release note
common/options.c
fqdn_universe_decode() - replace returns with
gotos to ensure memory is freed on label length
errors
[Gitblab #253]
CVE: CVS-2022-2928
+! Corrected a memory leak that occurs when unpacking a packet that has an
+ FQDN option (81) that contains a label whose lenght is greater than 63.
+ [Gitblab #254]
+ CVE: CVS-2022-2929
+
Changes since 4.4.2-P1 (New Features)
- Two new OMAPI function calls were added, `dhcpctl_timed_connect()`
while (s < &bp -> data[0] + length + 2) {
len = *s;
if (len > 63) {
- log_info ("fancy bits in fqdn option");
- return 0;
+ log_info ("label length exceeds 63 in fqdn option");
+ goto bad;
}
if (len == 0) {
terminated = 1;
break;
}
if (s + len > &bp -> data [0] + length + 3) {
- log_info ("fqdn tag longer than buffer");
- return 0;
+ log_info ("fqdn label longer than buffer");
+ goto bad;
}
if (first_len == 0) {