From 2cd4f01b29e9e7bd2554cb9fe5ad2dd762d89874 Mon Sep 17 00:00:00 2001
From: Erik Kline
Date: Sat, 15 Nov 2014 04:24:40 +0900
Subject: Fun with buffer overrruns. In get_option(): don't read past the end of the option buffer. Also add a small unittest to verify sane behaviour for the above. The dhcpcd code is not easily refactored into a library, nor is it entirely possible to include some header files directly since some structures use C++ reserved keywords ("new") for variable names. In print_option(): use of snprintf() returns the length that /would/ have been written. Add checks that the output buffer is not overrun when printing. This fixes CVE-2014-7912 and CVE-2014-7913
Bug: 18356137
Bug: 18356135
Change-Id: I0f907b8a952208749226ba034a416d773e068f8a
Tested-by: Moritz Bandemer
---
Android.mk | 8 ++++++++
1 file changed, 8 insertions(+)
(limited to 'Android.mk')
diff --git a/Android.mk b/Android.mk
index 55e5f68..e409b1c 100644
--- a/Android.mk
+++ b/Android.mk
@@ -52,3 +52,11 @@ LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_PATH := $(hooks_target)
 LOCAL_SRC_FILES := $(hooks_dir)/$(LOCAL_MODULE)
 include $(BUILD_PREBUILT)
+
+# Unit tests.
+include $(CLEAR_VARS)
+LOCAL_MODULE := dhcpcd_test
+LOCAL_CFLAGS := -Wall -Werror -Wunused-parameter
+LOCAL_SRC_FILES := dhcpcd_test.cpp dhcp.c common.c
+LOCAL_MODULE_TAGS := eng tests
+include $(BUILD_NATIVE_TEST)
-- cgit v1.1
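Review bot: The new `dhcpcd_test` module is built with no memory-error instrumentation, so an over-read in get_option() or an overrun in print_option() that stays inside mapped memory can pass the test unnoticed unless the test's own assertions catch it (dhcpcd_test.cpp is not part of this hunk). If this tree's build system supports it, adding `LOCAL_ADDRESS_SANITIZER := true` to the test module would turn such accesses into hard failures. Also, `LOCAL_CFLAGS` here lists only warning flags; if the dhcpcd module defined earlier in Android.mk (outside the hunk) compiles dhcp.c and common.c with extra defines, the test exercises a differently configured build, and a comment such as `# Keep LOCAL_CFLAGS in sync with the dhcpcd module above.` would make that dependency visible.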