From: Yu Watanabe
Date: Sun, 23 Jan 2022 19:49:30 +0000 (+0900)
Subject: sd-dhcp-server: fix heap buffer overflow
X-Git-Tag: v251-rc1~469^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab4f9eeb7b56c03d42db8eeb8ffe6df4b8b53e28;p=thirdparty%2Fsystemd.git

sd-dhcp-server: fix heap buffer overflow

This checks client hardware length earlier.
---

diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
index 38c202975fa..ec9202d02ee 100644
--- a/src/libsystemd-network/sd-dhcp-server.c
+++ b/src/libsystemd-network/sd-dhcp-server.c
@@ -724,6 +724,9 @@ static int ensure_sane_request(sd_dhcp_server *server, DHCPRequest *req, DHCPMes
 
 req->message = message;
 
+ if (message->hlen > sizeof(message->chaddr))
+ return -EBADMSG;
+
 /* set client id based on MAC address if client did not send an explicit one */
 if (!req->client_id.data) {
 uint8_t *data;
@@ -742,9 +745,6 @@ static int ensure_sane_request(sd_dhcp_server *server, DHCPRequest *req, DHCPMes
 req->client_id.data = data;
 }
 
- if (message->hlen > sizeof(message->chaddr))
- return -EBADMSG;
-
 if (message->hlen == 0 || memeqzero(message->chaddr, message->hlen)) {
 /* See RFC2131 section 4.1.1.
 * hlen and chaddr may not be set for non-ethernet interface.
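Review bot: The relocated bound check `if (message->hlen > sizeof(message->chaddr))` in the first hunk has no comment saying it must run before the client-id block that follows, yet that ordering is the entire fix. `hlen` is a field of the received message, so every later use of it as a length into `chaddr` depends on this guard. The lines between the two hunks are not shown, but the client-id fallback presumably copies from `chaddr` using it. I would add above the check: `/* hlen comes from the packet: reject oversized values before anything below uses it as a length for chaddr. */`. ensure_sane_request starts and ends outside the hunk, so it cannot be confirmed from here whether a regression case (oversized hlen with no explicit client id) accompanies the change.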