Sanitize handling of client identifier option

author H. Peter Anvin <hpa@zytor.com>

Fri, 8 Jun 2007 04:45:33 +0000 (21:45 -0700)

committer H. Peter Anvin <hpa@zytor.com>

Fri, 8 Jun 2007 04:45:33 +0000 (21:45 -0700)
author H. Peter Anvin <hpa@zytor.com>
Fri, 8 Jun 2007 04:45:33 +0000 (21:45 -0700)
committer H. Peter Anvin <hpa@zytor.com>
Fri, 8 Jun 2007 04:45:33 +0000 (21:45 -0700)
diff --git a/pxelinux.asm b/pxelinux.asm

index b9c541e..02674d6 100644 (file)
--- a/pxelinux.asm
+++ b/pxelinux.asm
@@ -2196,8 +2196,16 @@ dopt_%2:
         dopt 61, client_identifier
                 cmp ax,MAC_MAX          ; Too long?
                 ja .skip
+               cmp ax,2                ; Too short?
+               jb .skip
                 cmp [MACLen],ah         ; Only do this if MACLen == 0
                 jne .skip
+               push ax
+               lodsb                   ; Client identifier type
+               cmp al,[MACType]
+               pop ax
+               jne .skip               ; Client identifier is not a MAC
+               dec ax
                 mov [MACLen],al
                 mov di,MAC
                 jmp dhcp_copyoption
author	H. Peter Anvin <hpa@zytor.com>
	Fri, 8 Jun 2007 04:45:33 +0000 (21:45 -0700)
committer	H. Peter Anvin <hpa@zytor.com>
	Fri, 8 Jun 2007 04:45:33 +0000 (21:45 -0700)