dhcp: Clarify range checks in valid UDP packets

author: Roy Marples <roy@marples.name> 2018-05-07 15:01:46 +0100
committer: Roy Marples <roy@marples.name> 2018-05-07 15:01:46 +0100
commit: 9fc2b57c27b551a58ef69b615f69e570a21de103 (patch)
tree: 1343b4ad77b658675f08086e5fd3e98929ef6852
parent: 3bc898820a523c2a84350775396cac767d8a65e1 (diff)
download: dhcpcd-9fc2b57c27b551a58ef69b615f69e570a21de103.tar.xz
1 files changed, 7 insertions, 1 deletions
diff --git a/src/dhcp.c b/src/dhcp.c
index b64254a7..6a3a02de 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -3276,7 +3276,7 @@ valid_udp_packet(void *data, size_t data_len, struct in_addr *from,
 	struct bootp_pkt *p;
 	uint16_t bytes;
 
-	if (data_len < sizeof(p->ip) + sizeof(p->udp)) {
+	if (data_len < sizeof(p->ip)) {
 		if (from)
 			from->s_addr = INADDR_ANY;
 		errno = ERANGE;
@@ -3291,6 +3291,12 @@ valid_udp_packet(void *data, size_t data_len, struct in_addr *from,
 	}
 
 	bytes = ntohs(p->ip.ip_len);
+	/* Check we have a payload */
+	if (bytes <= sizeof(p->ip) + sizeof(p->udp)) {
+		errno = ERANGE;
+		return -1;
+	}
+	/* Check we don't go beyond the payload */
 	if (bytes > data_len) {
 		errno = ENOBUFS;
 		return -1;
author	Roy Marples <roy@marples.name>	2018-05-07 15:01:46 +0100
committer	Roy Marples <roy@marples.name>	2018-05-07 15:01:46 +0100
commit	9fc2b57c27b551a58ef69b615f69e570a21de103 (patch)
tree	1343b4ad77b658675f08086e5fd3e98929ef6852
parent	3bc898820a523c2a84350775396cac767d8a65e1 (diff)
download	dhcpcd-9fc2b57c27b551a58ef69b615f69e570a21de103.tar.xz