[Dnsmasq-discuss] [PATCH] Add support for unique TFTP root per MAC
Simon Kelley
simon at thekelleys.org.uk
Sun Apr 9 22:28:48 BST 2017
Patch accepted, with one change
> snprintf(daemon->namebuff+oldlen, sizeof(daemon->namebuff)-oldlen, "%.2x-%.2x-%.2x-%.2x-%.2x-%.2x/",
daemon->namebuff is a char *, so sizeof(daemon->namebuff) is 4 or 8 and
sizeof(daemon->namebuff)-oldlen is a negative number which is a large
positive number when promoted to unsigned size_t. There's thus
effectively no protection here against buffer overflow.
In such ways are security CVEs seeded :)
A changed sizeof(daemon->namebuff) to (MAXDNAME-1) which is the
buffer-size limit used elsewhere in this code.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list