Created attachment 145162
Patch to net/dhcpcd to update to 6.4.3

dhcpcd-6.4.3 has been released with the following changes:

* Correct DHCPv6 Prefix Delegation option decoding
* Ensure that a given buffer is at least BUFSIZ (for getline compat)
* Poll interfaces on BSD for IFF_RUNNING if link state cannot be obtained
* Check for an IA to use in DHCPv6 lease validation
* Fix compile on NetBSD-6 (and possibly earlier NetBSDs)
* Warn about exceeding IDGEN_RETRIES when a stable private address cannot be obtained
* Fix DHCP option overload handling, thanks to Tobias Stoeckmann

The last point is particularly important because a carefully crafted DHCP message could put dhcpcd into an infinite loop, causing a Denial Of Service attack. This error is in all dhcpcd versions from dhcpcd-4.0.0 upwards; earlier versions are not affected.

A commit references this bug:

Author: wg
Date: Thu Jul 31 14:01:11 UTC 2014
New revision: 363589
URL: http://svnweb.freebsd.org/changeset/ports/363589

Log:
net/dhcpcd: update to 6.4.3

Changes:
* Correct DHCPv6 Prefix Delegation option decoding
* Ensure that a given buffer is at least BUFSIZ (for getline compat)
* Poll interfaces on BSD for IFF_RUNNING if link state cannot be obtained
* Check for an IA to use in DHCPv6 lease validation
* Fix compile on NetBSD-6 (and possibly earlier NetBSDs)
* Warn about exceeding IDGEN_RETRIES when a stable private address cannot be obtained
* Fix DHCP option overload handling, thanks to Tobias Stoeckmann

PR: 192276
Submitted by: maintainer

Changes:
head/net/dhcpcd/Makefile
head/net/dhcpcd/distinfo
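
The option overload item above concerns DHCP option 52, which tells a client that the BOOTP file and/or sname fields also carry options. As an added example (not dhcpcd's code and not a reconstruction of the defect fixed in 6.4.3), this is one way to walk overloaded options so that the work is bounded whatever the message contains; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { OPT_PAD = 0, OPT_HOSTNAME = 12, OPT_OVERLOAD = 52, OPT_END = 255 };

/* Walk one option area. Each iteration consumes at least one byte and a value
 * that overruns the area is rejected, so the loop always terminates. */
static int walk_area(const uint8_t *p, size_t len, uint8_t want,
                     const uint8_t **val, uint8_t *vlen, uint8_t *overload)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = p[i++];
        if (code == OPT_PAD) continue;        /* pad has no length byte */
        if (code == OPT_END) break;
        if (i >= len) return -1;              /* missing length byte */
        uint8_t l = p[i++];
        if (l > len - i) return -1;           /* value overruns the area */
        if (code == OPT_OVERLOAD && overload != NULL && l == 1)
            *overload = p[i];                 /* honoured in the options field only */
        if (code == want && *val == NULL) { *val = p + i; *vlen = l; }
        i += l;
    }
    return 0;
}

/* Returns 1 if `want` is found, 0 if absent, -1 if malformed. file (128 bytes)
 * and sname (64 bytes) are each visited at most once and never re-entered. */
int dhcp_find_option(const uint8_t *opts, size_t optlen, const uint8_t *file,
                     const uint8_t *sname, uint8_t want, const uint8_t **val, uint8_t *vlen)
{
    uint8_t overload = 0;
    *val = NULL; *vlen = 0;
    if (walk_area(opts, optlen, want, val, vlen, &overload) < 0) return -1;
    if ((overload & 1) && walk_area(file, 128, want, val, vlen, NULL) < 0) return -1;
    if ((overload & 2) && walk_area(sname, 64, want, val, vlen, NULL) < 0) return -1;
    return *val != NULL;
}

/* Constructed sample: file carries its own overload option, which is ignored. */
int demo_nested_overload(void)
{
    const uint8_t opts[] = { OPT_OVERLOAD, 1, 1, OPT_END };
    uint8_t file[128] = { OPT_OVERLOAD, 1, 3, OPT_HOSTNAME, 2, 'h', '1', OPT_END };
    uint8_t sname[64] = { 0 };
    const uint8_t *v; uint8_t n;
    return dhcp_find_option(opts, sizeof opts, file, sname, OPT_HOSTNAME, &v, &n) == 1
        && n == 2 && v[0] == 'h' && v[1] == '1';
}
```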