From 4f00baabe6d6967b50598ad7a34e650ec4e960cf Mon Sep 17 00:00:00 2001
From: Roy Marples <roy@marples.name>
Date: Wed, 4 Mar 2020 15:07:24 +0000
Subject: [PATCH] DHCP: Move the max frame length check

---
 src/dhcp.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/src/dhcp.c b/src/dhcp.c
index 0c96ea93..e7193379 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -3447,6 +3447,13 @@ dhcp_handlebootp(struct interface *ifp, struct bootp *bootp, size_t len,
 		return;
 	}
 
+	/* Unlikely, but appeases sanitizers. */
+	if (len > FRAMELEN_MAX) {
+		logerrx("%s: packet exceeded frame length (%zu) from %s",
+		    ifp->name, len, inet_ntoa(*from));
+		return;
+	}
+
 	/* To make our IS_DHCP macro easy, ensure the vendor
 	 * area has at least 4 octets. */
 	v = len - offsetof(struct bootp, vend);
@@ -3556,15 +3563,6 @@ dhcp_recvmsg(struct dhcpcd_ctx *ctx, struct msghdr *msg)
 	struct interface *ifp;
 	const struct dhcp_state *state;
 
-#ifdef PRIVSEP
-	/* Unlikely, but appeases sanitizers. */
-	if (iov->iov_len > FRAMELEN_MAX) {
-		errno = ENOBUFS;
-		logerr(__func__);
-		return;
-	}
-#endif
-
 	ifp = if_findifpfromcmsg(ctx, msg, NULL);
 	if (ifp == NULL) {
 		logerr(__func__);
-- 
2.47.3