List: busybox
Subject: Re: Security bug in udhcp applet
From: Krishna Ram Prakash R <krp () gtux ! in>
Date: 2018-12-20 12:35:30
Message-ID: 4a73a6e9-cf03-b07b-b13a-62b03c15b9be () gtux ! in
Hi Denys,
Thanks for the fix!
Wouldn't the option parsing loop in fill_envp() in dhcpc.c parse and
load options without checking for the expected length and still result
in an out-of-bounds read? Any thoughts on that?
Thanks,
KRP
On 12/18/18 12:17 AM, Denys Vlasenko wrote:
> I committed a fix, see bz
> On Mon, Dec 17, 2018 at 6:52 AM Krishna Ram Prakash R <krp@gtux.in> wrote:
>>
>>
>> Hi all,
>>
>> I reported a security bug in udhcp applet, a few days back in busybox
>> Bugzilla[1] as I could not find any private disclosure mailing lists.
>> But, it is not yet assigned and there are no activities in the bug report.
>>
>> Just a gentle reminder to the maintainers in case it has been missed.
>>
>> Thanks,
>> KRP
>>
>> [1] https://bugs.busybox.net/show_bug.cgi?id=11506
>>
>>
>>
>> _______________________________________________
>> busybox mailing list
>> busybox@busybox.net
>> http://lists.busybox.net/mailman/listinfo/busybox
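An added example, not part of this thread and not BusyBox code: a generic walker over RFC 2132 code/len/data options that checks each declared length against both the remaining buffer and the size the option type requires, which is the check the question above asks about. The names `walk_options`, `length_ok` and the `rules` table are hypothetical, and rejecting the whole options field on the first bad option is an assumed policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Option codes from RFC 2132. */
enum { OPT_PAD = 0, OPT_SUBNET = 1, OPT_ROUTER = 3, OPT_LEASE_TIME = 51, OPT_END = 255 };

/* Assumed rule table: fixed -> len == unit, else non-zero multiple of unit. */
struct opt_rule { uint8_t code, unit, fixed; };
static const struct opt_rule rules[] = {
    { OPT_SUBNET, 4, 1 }, { OPT_ROUTER, 4, 0 }, { OPT_LEASE_TIME, 4, 1 },
};

static int length_ok(uint8_t code, uint8_t len)
{
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (rules[i].code == code)
            return rules[i].fixed ? len == rules[i].unit
                                  : len != 0 && len % rules[i].unit == 0;
    return 1; /* unlisted option: only the buffer bound applies */
}

/* Walk code/len/data options in buf[0..size). Returns the number of
 * options accepted, or -1 if the field is malformed or lacks OPT_END. */
int walk_options(const uint8_t *buf, size_t size)
{
    size_t pos = 0;
    int count = 0;
    while (pos < size) {
        uint8_t code = buf[pos];
        if (code == OPT_PAD) { pos++; continue; }
        if (code == OPT_END) return count;
        if (size - pos < 2) return -1;                 /* no length byte left */
        uint8_t len = buf[pos + 1];
        if ((size_t)len > size - pos - 2) return -1;   /* data runs past the buffer */
        if (!length_ok(code, len)) return -1;          /* wrong size for this type */
        count++;
        pos += 2 + (size_t)len;
    }
    return -1; /* ran off the end without OPT_END */
}

int main(void)
{
    /* Constructed input: subnet mask option declaring 1 byte instead of 4. */
    const uint8_t bad[] = { OPT_SUBNET, 1, 255, OPT_END };
    printf("%d\n", walk_options(bad, sizeof bad));
    return 0;
}
```

The buffer-bound check alone accepts the constructed input, since one byte of data does fit; only the per-type check rejects it before a consumer reads four bytes from a one-byte payload.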