diff --git a/src/isc-dhcp/patch/0013-Fix-dhcrelay-agent-option-buffer-pointer-logic.patch b/src/isc-dhcp/patch/0013-Fix-dhcrelay-agent-option-buffer-pointer-logic.patch new file mode 100644 index 0000000000..051b58966c --- /dev/null +++ b/src/isc-dhcp/patch/0013-Fix-dhcrelay-agent-option-buffer-pointer-logic.patch @@ -0,0 +1,53 @@ +From 0a2f9a62bceb90b0d30461add2e25c4ce7a24547 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder +Date: Fri, 20 Dec 2019 10:11:54 -0500 +Subject: [PATCH] [#71] Fix dhcrelay agent option buffer pointer logic + +relay/dhcrelay.c + strip_relay_agent_options() + strip_relay_agent_options() + - corrected buffer pointer logic + +--- + relay/dhcrelay.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +index 896e1e2e..980dacae 100644 +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -1238,8 +1238,13 @@ strip_relay_agent_options(struct interface_info *in, + return (0); + + if (sp != op) { +- memmove(sp, op, op[1] + 2); +- sp += op[1] + 2; ++ size_t mlen = op[1] + 2; ++ memmove(sp, op, mlen); ++ sp += mlen; ++ if (sp > max) { ++ return (0); ++ } ++ + op = nextop; + } else + op = sp = nextop; +@@ -1620,8 +1620,13 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet, + end_pad = NULL; + + if (sp != op) { +- memmove(sp, op, op[1] + 2); +- sp += op[1] + 2; ++ size_t mlen = op[1] + 2; ++ memmove(sp, op, mlen); ++ sp += mlen; ++ if (sp > max) { ++ return (0); ++ } ++ + op = nextop; + } else + op = sp = nextop; +-- +2.17.1 + diff --git a/src/isc-dhcp/patch/series b/src/isc-dhcp/patch/series index 5397aa0c6e..b9efee0192 100644 --- a/src/isc-dhcp/patch/series +++ b/src/isc-dhcp/patch/series @@ -11,3 +11,4 @@ 0010-Bugfix-correctly-set-interface-netmask.patch 0011-dhcp-relay-Prevent-Buffer-Overrun.patch 0012-add-option-si-to-support-using-src-intf-ip-in-relay.patch +0013-Fix-dhcrelay-agent-option-buffer-pointer-logic.patch