other fixes);
dhcpcd-7.0.0, 7.0.1 and 7.0.2 are vulnerable to the DHCP6 issue where the
message is copied from the DHCP6 option into a buffer, but is NULL terminated
beyond the size of the buffer.
dhcpcd-6 is not vulnerable.
earlier feedback from naddy, and a reminder about rtsol from Ross L Richardson.
- convert some description into comments in the sample config
- disable all hooks in DHCPv6-PD sample by overriding "script", they're
often not needed in this situation (and disabling hooks individually with
nohook leaves you open to the potential for new ones being added later)
- rtsol -> "inet6 autoconf"
http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d
- Ensure that option length fits inside data length less option size.
(can lead to an invalid read/crash via malformed dhcp responses)
http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9
- dhcp_optlen now returns the length of the data we can sanely work
on given the option definition and data length. Call dhcp_optlen in
dhcp_envoption1 to ensure these bounds are not overstepped.
Fixes an issue reported by Nico Golde where extra undersized data was
present in the option. An example of this would be an array of uint16's
with a trailing byte.
(reporter says "exploitation is non-trivial, but i'd love to be
proven wrong.")
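
The two bounds checks described in the commit message above, sketched in C as an added example. This is not dhcpcd's code: opt_find, opt_usable_len, opt_sum_u16, option code 224 and the sample buffers are hypothetical and constructed for illustration, assuming the DHCPv4 code/length/data option layout.

```c
#include <stddef.h>
#include <stdint.h>

#define OPT_HDR 2	/* DHCPv4 option header: code byte + length byte */
#define OPT_PAD 0
#define OPT_END 255

/* Return a pointer to the data of option `code` and set *olen, or NULL if it
 * is absent or any option claims more bytes than remain after its header. */
const uint8_t *opt_find(const uint8_t *buf, size_t len, uint8_t code, size_t *olen)
{
	size_t off = 0, l;
	while (off < len && buf[off] != OPT_END) {
		if (buf[off] == OPT_PAD) { off++; continue; }
		if (len - off < OPT_HDR)
			return NULL;		/* no room for the length byte */
		l = buf[off + 1];
		if (l > len - off - OPT_HDR)
			return NULL;		/* length overruns the data */
		if (buf[off] == code) { *olen = l; return buf + off + OPT_HDR; }
		off += OPT_HDR + l;
	}
	return NULL;
}

/* Usable length for an array of elem_size-byte items: whole elements only,
 * so a trailing partial element is never read. */
size_t opt_usable_len(size_t elem_size, size_t data_len)
{
	return elem_size ? data_len - data_len % elem_size : data_len;
}

/* Sum a big-endian uint16 array option; -1 if missing or malformed. */
long opt_sum_u16(const uint8_t *buf, size_t len, uint8_t code)
{
	size_t olen, i;
	long sum = 0;
	const uint8_t *p = opt_find(buf, len, code, &olen);
	if (p == NULL)
		return -1;
	olen = opt_usable_len(sizeof(uint16_t), olen);
	for (i = 0; i < olen; i += 2)
		sum += (p[i] << 8) | p[i + 1];
	return sum;
}

/* Constructed samples (option code 224 is arbitrary): two uint16s plus a
 * trailing byte, and a length byte of 8 with only 3 data bytes present. */
const uint8_t sample_trailing[] = { 224, 5, 0, 1, 0, 2, 0xff, OPT_END };
const uint8_t sample_overrun[] = { 224, 8, 0, 1, 0 };
```
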
dhcpcd is a DHCPv4/IPv4LL/IPv6RS/DHCPv6 quad stack client.
It will listen for new interfaces and carrier signals from the kernel
so it can quickly configure each interface as it appears.
dhcpcd has a powerful DHCP expression engine which makes it easy
to decode future RFC DHCP options, or handroll your own.