Mercurial > hg > dhcpcd

changeset 4899:e46826f39d5b draft

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
DHCP: Ensure we have a lease to extract options from.
author Roy Marples <roy@marples.name>
date Thu, 19 Dec 2019 15:36:31 +0000
parents a769542f85cf
children f34373025895
files src/dhcp.c src/dhcp.h
diffstat 2 files changed, 8 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/dhcp.c	Tue Dec 17 22:32:21 2019 +0000
+++ b/src/dhcp.c	Thu Dec 19 15:36:31 2019 +0000
@@ -173,6 +173,11 @@
 	const uint8_t *op;
 	size_t bl;
 
+	if (bootp == NULL || bootp_len < DHCP_MIN_LEN) {
+		errno = EINVAL;
+		return NULL;
+	}
+
 	/* Check we have the magic cookie */
 	if (!IS_DHCP(bootp)) {
 		errno = ENOTSUP;
@@ -1204,7 +1209,7 @@
 	 * (it should be more, and our read packet enforces this so this
 	 * code should not be needed, but of course people could
 	 * scribble whatever in the stored lease file. */
-	if (bytes < offsetof(struct bootp, vend) + 4) {
+	if (bytes < DHCP_MIN_LEN) {
 		free(lease);
 		logerrx("%s: %s: truncated lease", ifp->name, __func__);
 		return 0;
--- a/src/dhcp.h	Tue Dec 17 22:32:21 2019 +0000
+++ b/src/dhcp.h	Thu Dec 19 15:36:31 2019 +0000
@@ -163,6 +163,8 @@
 	/* DHCP allows a variable length vendor area */
 };
 
+#define	DHCP_MIN_LEN		(offsetof(struct bootp, vend) + 4)
+
 struct bootp_pkt
 {
 	struct ip ip;