sd-dhcp-server: fix heap buffer overflow

This checks client hardware length earlier.

diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
index 38c202975fa64570e39ec69ad9407d5d3e480db1..ec9202d02ee8c09e575599197b12efc8ef373151 100644 (file)
--- a/src/libsystemd-network/sd-dhcp-server.c
+++ b/src/libsystemd-network/sd-dhcp-server.c
@@ -724,6 +724,9 @@ static int ensure_sane_request(sd_dhcp_server *server, DHCPRequest *req, DHCPMes
 
         req->message = message;
 
+        if (message->hlen > sizeof(message->chaddr))
+                return -EBADMSG;
+
         /* set client id based on MAC address if client did not send an explicit one */
         if (!req->client_id.data) {
                 uint8_t *data;
@@ -742,9 +745,6 @@ static int ensure_sane_request(sd_dhcp_server *server, DHCPRequest *req, DHCPMes
                 req->client_id.data = data;
         }
 
-        if (message->hlen > sizeof(message->chaddr))
-                return -EBADMSG;
-
         if (message->hlen == 0 || memeqzero(message->chaddr, message->hlen)) {
                 /* See RFC2131 section 4.1.1.
                  * hlen and chaddr may not be set for non-ethernet interface.