bootp: limit vendor-specific area to input packet memory buffer

sizeof(bootp_t) currently holds DHCP_OPT_LEN. Remove this optional field from the structure, to help with the following patch checking for minimal header size.

Modify the bootp_reply() function to take the buffer boundaries and avoid potential buffer overflow.

Related to CVE-2021-3592.

https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

- mentioned in issue #48 (closed)
- mentioned in merge request !95 (merged)
- mentioned in issue #51 (closed)
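
The approach the commit message describes, writing the vendor-specific area against the boundaries of the real packet buffer instead of a fixed-size field in the header struct, sketched as an added example that is not libslirp's code. The names `opt_put` and `build_vendor_area` and the sample option values are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OPT_END 255 /* RFC 2132 End option */

/* Hypothetical helper (not libslirp's API): append one tag/len/value option
 * at q without writing at or past end. One byte stays in reserve for the
 * End option. Returns the new write position, or NULL if it does not fit. */
static uint8_t *opt_put(uint8_t *q, const uint8_t *end, uint8_t tag,
                        const void *val, uint8_t len)
{
    if (q == NULL || q > end)
        return NULL;
    /* tag + len + value, plus 1 byte reserved for OPT_END */
    if ((size_t)(end - q) < (size_t)len + 3)
        return NULL;
    *q++ = tag;
    *q++ = len;
    memcpy(q, val, len);
    return q + len;
}

/* Build a vendor area inside [buf, buf + cap). cap is the space actually
 * left in the packet buffer (an assumption of this sketch).
 * Returns bytes used, or 0 if not even cookie + End fit. */
size_t build_vendor_area(uint8_t *buf, size_t cap, const char *hostname)
{
    static const uint8_t magic[4] = { 99, 130, 83, 99 }; /* RFC 1497 cookie */
    static const uint8_t offer = 2;                      /* DHCPOFFER */
    const uint8_t *end = buf + cap;
    uint8_t *q = buf, *next;
    size_t hl = strlen(hostname);

    if (cap < sizeof(magic) + 1)
        return 0;
    memcpy(q, magic, sizeof(magic));
    q += sizeof(magic);

    if ((next = opt_put(q, end, 53, &offer, 1)) != NULL) /* message type */
        q = next;
    /* An option that does not fit is dropped, never truncated or overflowed. */
    if (hl <= 255 && (next = opt_put(q, end, 12, hostname, (uint8_t)hl)) != NULL)
        q = next;
    *q++ = OPT_END; /* always fits: opt_put kept this byte in reserve */
    return (size_t)(q - buf);
}
```
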