diff options
author | claudio <claudio@openbsd.org> | 2019-10-03 13:36:15 +0000 |
---|---|---|
committer | claudio <claudio@openbsd.org> | 2019-10-03 13:36:15 +0000 |
commit | 58031b709a7bc84073734ced6320493831b5f6fa (patch) | |
tree | 83c6d8342ebdb0d2f6fa401cf0d7ec57d068d916 /usr.sbin/dhcpd | |
parent | Fix CVE-2019-16866 (diff) | |
download | wireguard-openbsd-58031b709a7bc84073734ced6320493831b5f6fa.tar.xz wireguard-openbsd-58031b709a7bc84073734ced6320493831b5f6fa.zip |
Properly initalize the ICMP message to zero to avoid leaking 4-byte
of uninitialised memory in the sent icmp echorequest.
Reported by Adarsh Dinesh (adarsh.dinesh at gmail com)
OK florian@ deraadt@
Diffstat (limited to 'usr.sbin/dhcpd')
-rw-r--r-- | usr.sbin/dhcpd/icmp.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/usr.sbin/dhcpd/icmp.c b/usr.sbin/dhcpd/icmp.c index 512aebe6c59..61efd4232f0 100644 --- a/usr.sbin/dhcpd/icmp.c +++ b/usr.sbin/dhcpd/icmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp.c,v 1.18 2017/02/13 23:04:05 krw Exp $ */ +/* $OpenBSD: icmp.c,v 1.19 2019/10/03 13:36:15 claudio Exp $ */ /* * Copyright (c) 1997, 1998 The Internet Software Consortium. @@ -107,10 +107,8 @@ icmp_echorequest(struct iaddr *addr) to.sin_family = AF_INET; memcpy(&to.sin_addr, addr->iabuf, sizeof to.sin_addr); /* XXX */ + memset(&icmp, 0, sizeof(icmp)); icmp.icmp_type = ICMP_ECHO; - icmp.icmp_code = 0; - icmp.icmp_cksum = 0; - icmp.icmp_seq = 0; icmp.icmp_id = getpid() & 0xffff; icmp.icmp_cksum = wrapsum(checksum((unsigned char *)&icmp, |