DHCP: Ensure we have a lease to extract options from.

author: Roy Marples <roy@marples.name> 2019-12-19 15:36:31 +0000
committer: Roy Marples <roy@marples.name> 2019-12-19 15:36:31 +0000
commit: 7a2fb4153c500ae5e198447622ca57fa5bc238b2 (patch)
tree: 95769e7e3600d3e05c9cc055f50b8693f7beb17d
parent: dc7c73bc40431f86213ba106285a6c9a9aa165c0 (diff)
download: dhcpcd-7a2fb4153c500ae5e198447622ca57fa5bc238b2.tar.xz
2 files changed, 8 insertions, 1 deletions
diff --git a/src/dhcp.c b/src/dhcp.c
index f66f180b..f099451a 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -173,6 +173,11 @@ get_option(struct dhcpcd_ctx *ctx,
 	const uint8_t *op;
 	size_t bl;
 
+	if (bootp == NULL || bootp_len < DHCP_MIN_LEN) {
+		errno = EINVAL;
+		return NULL;
+	}
+
 	/* Check we have the magic cookie */
 	if (!IS_DHCP(bootp)) {
 		errno = ENOTSUP;
@@ -1204,7 +1209,7 @@ read_lease(struct interface *ifp, struct bootp **bootp)
 	 * (it should be more, and our read packet enforces this so this
 	 * code should not be needed, but of course people could
 	 * scribble whatever in the stored lease file. */
-	if (bytes < offsetof(struct bootp, vend) + 4) {
+	if (bytes < DHCP_MIN_LEN) {
 		free(lease);
 		logerrx("%s: %s: truncated lease", ifp->name, __func__);
 		return 0;
diff --git a/src/dhcp.h b/src/dhcp.h
index 19da2162..192d046b 100644
--- a/src/dhcp.h
+++ b/src/dhcp.h
@@ -163,6 +163,8 @@ struct bootp {
 	/* DHCP allows a variable length vendor area */
 };
 
+#define	DHCP_MIN_LEN		(offsetof(struct bootp, vend) + 4)
+
 struct bootp_pkt
 {
 	struct ip ip;
author	Roy Marples <roy@marples.name>	2019-12-19 15:36:31 +0000
committer	Roy Marples <roy@marples.name>	2019-12-19 15:36:31 +0000
commit	7a2fb4153c500ae5e198447622ca57fa5bc238b2 (patch)
tree	95769e7e3600d3e05c9cc055f50b8693f7beb17d
parent	dc7c73bc40431f86213ba106285a6c9a9aa165c0 (diff)
download	dhcpcd-7a2fb4153c500ae5e198447622ca57fa5bc238b2.tar.xz