CVSROOT: /cvs Module name: src Changes by: bl...@cvs.openbsd.org 2021/06/08 08:42:24
Modified files: usr.sbin/vmd : Tag: OPENBSD_6_8 dhcp.c Log message: vmd(8): malicious dhcp packets on local ifs can cause stack overflows A sufficiently large dhcp packet can cause a stack overflow in vmd's internal dhcp server used for providing ip addresses to local guest interfaces. (This does not affect non-local interfaces.) The primary changes drop larger packets and change the memory copying logic to use a compile-time constant. The dhcp option processing also additional prevention for out of bound reads. While here, improve construction of the dhcp response's hostname handling to guard against overflowing the response dhcp options. Vulnerability reported by Maxime Villard. ok claudio@ from dv@ this is errata/6.8/025_vmd.patch.sig