Properly initalize the ICMP message to zero to avoid leaking 4-byte

of uninitialised memory in the sent icmp echorequest. Reported by Adarsh Dinesh (adarsh.dinesh at gmail com) OK florian@ deraadt@
author: claudio <claudio@openbsd.org> 2019-10-03 13:36:15 +0000
committer: claudio <claudio@openbsd.org> 2019-10-03 13:36:15 +0000
commit: 58031b709a7bc84073734ced6320493831b5f6fa (patch)
tree: 83c6d8342ebdb0d2f6fa401cf0d7ec57d068d916 /usr.sbin/dhcpd
parent: Fix CVE-2019-16866 (diff)
download: wireguard-openbsd-58031b709a7bc84073734ced6320493831b5f6fa.tar.xz
wireguard-openbsd-58031b709a7bc84073734ced6320493831b5f6fa.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/usr.sbin/dhcpd/icmp.c b/usr.sbin/dhcpd/icmp.c
index 512aebe6c59..61efd4232f0 100644
--- a/usr.sbin/dhcpd/icmp.c
+++ b/usr.sbin/dhcpd/icmp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: icmp.c,v 1.18 2017/02/13 23:04:05 krw Exp $ */
+/*	$OpenBSD: icmp.c,v 1.19 2019/10/03 13:36:15 claudio Exp $ */
 
 /*
  * Copyright (c) 1997, 1998 The Internet Software Consortium.
@@ -107,10 +107,8 @@ icmp_echorequest(struct iaddr *addr)
 	to.sin_family = AF_INET;
 	memcpy(&to.sin_addr, addr->iabuf, sizeof to.sin_addr);	/* XXX */
 
+	memset(&icmp, 0, sizeof(icmp));
 	icmp.icmp_type = ICMP_ECHO;
-	icmp.icmp_code = 0;
-	icmp.icmp_cksum = 0;
-	icmp.icmp_seq = 0;
 	icmp.icmp_id = getpid() & 0xffff;
 
 	icmp.icmp_cksum = wrapsum(checksum((unsigned char *)&icmp,
author	claudio <claudio@openbsd.org>	2019-10-03 13:36:15 +0000
committer	claudio <claudio@openbsd.org>	2019-10-03 13:36:15 +0000
commit	58031b709a7bc84073734ced6320493831b5f6fa (patch)
tree	83c6d8342ebdb0d2f6fa401cf0d7ec57d068d916 /usr.sbin/dhcpd
parent	Fix CVE-2019-16866 (diff)
download	wireguard-openbsd-58031b709a7bc84073734ced6320493831b5f6fa.tar.xz wireguard-openbsd-58031b709a7bc84073734ced6320493831b5f6fa.zip