Package: dhcpcd5 / 7.1.0-2

Metadata

Package: dhcpcd5
Version: 7.1.0-2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 Fix typo in manpage.patch

src/dhcpcd.conf.5.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix typo in manpage


0002 DHCPv6 Fix a potential buffer overflow reading NA TA.patch

src/dhcp6.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 dhcpv6: fix a potential buffer overflow reading na/ta addresses

Only copy up to the size of the address option rather than the
option length.

Found by Maxime Villard <max@m00nbsd.net>

(cherry picked from commit 8d11b33f6c60e2db257130fa383ba76b6018bcf6)

0003 DHCP Fix a potential 1 byte read overflow with DHO_O.patch

src/dhcp.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 dhcp: fix a potential 1 byte read overflow with dho_optsoverloaded

This fix basically moves the option length check up and also
corrects an off-by-one error with it.

Thanks to Maxime Villard <max@m00nbsd.net>

(cherry picked from commit 4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8)

0004 auth Use consttime_memequal 3 to compare hashes.patch

compat/consttime_memequal.h | 28 28 + 0 - 0 !
configure | 22 22 + 0 - 0 !
src/auth.c | 2 1 + 1 - 0 !
3 files changed, 51 insertions(+), 1 deletion(-)

 auth: use consttime_memequal(3) to compare hashes

This stops any attacker from trying to infer secrets from latency.

Thanks to Maxime Villard <max@m00nbsd.net>

(cherry picked from commit 7121040790b611ca3fbc400a1bbcd4364ef57233)

compat: Provide consttime_memequal if not in libc

Public domain version by Matthias Drochner <drochner@netbsd.org>

(cherry picked from commit cfde89ab66cb4e5957b1c4b68ad6a9449e2784da)

Really add consttime_memequal

(cherry picked from commit aee631aadeef4283c8a749c1caf77823304acf5e)

0005 DHCPv6 Fix a potential read overflow with D6_OPTION_.patch

src/dhcp6.c | 42 20 + 22 - 0 !
1 file changed, 20 insertions(+), 22 deletions(-)

 dhcpv6: fix a potential read overflow with d6_option_pd_exclude

dhcpcd only checks that the prefix length of the exclusion
matches the prefix length of the ia and equals the length of the
data in the option.
This could potentially overrun the in6_addr structure.

This is fixed by enforcing RFC 6603 section 4.2 option limits
more clearly.

Thanks to Maxime Villard <max@m00nbsd.net> for finding this.

(cherry picked from commit c1ebeaafeb324bac997984abdcee2d4e8b61a8a8)

DHCPv6: Fix exclude prefix length check.

(cherry picked from commit 896ef4a54b0578985e5e1360b141593f1d62837b)