vmd(8): malicious dhcp packets on local ifs can cause stack overflows
A sufficiently large dhcp packet can cause a stack overflow in vmd's
internal dhcp server used for providing ip addresses to local guest
interfaces. (This does not affect non-local interfaces.)
The primary changes drop larger packets and change the memory copying
logic to use a compile-time constant. The dhcp option processing
also additional prevention for out of bound reads.
While here, improve construction of the dhcp response's hostname
handling to guard against overflowing the response dhcp options.
Vulnerability reported by Maxime Villard.
ok claudio@
projects / openbsd / commit