Help coverity see validation of option_len (#5064)

author James Jones <jejones3141@gmail.com>

Thu, 15 Jun 2023 23:11:48 +0000 (18:11 -0500)

committer GitHub <noreply@github.com>

Thu, 15 Jun 2023 23:11:48 +0000 (19:11 -0400)
author James Jones <jejones3141@gmail.com>
Thu, 15 Jun 2023 23:11:48 +0000 (18:11 -0500)
committer GitHub <noreply@github.com>
Thu, 15 Jun 2023 23:11:48 +0000 (19:11 -0400)
diff --git a/src/listen/dhcpv6/proto_dhcpv6_udp.c b/src/listen/dhcpv6/proto_dhcpv6_udp.c

index 9c952d1b91ea9f28e749b069a51b2ca195549718..c1ae787fac9f633ea483de9d5203a26cd000bef4 100644 (file)
--- a/src/listen/dhcpv6/proto_dhcpv6_udp.c
+++ b/src/listen/dhcpv6/proto_dhcpv6_udp.c
@@ -426,7 +426,7 @@ static void *mod_track_create(UNUSED void const *instance, UNUSED void *thread_i
  
         option_len = fr_nbo_to_uint16(option + 2);
  
-       if ((option + option_len) > (packet + packet_len)) return NULL;
+       if (option_len > ((packet - option) + packet_len)) return NULL;
  
         t = (proto_dhcpv6_track_t *) talloc_zero_array(track, uint8_t, t_size + option_len);
         if (!t) return NULL;
@@ -435,7 +435,6 @@ static void *mod_track_create(UNUSED void const *instance, UNUSED void *thread_i
  
         memcpy(&t->header, packet, 4); /* packet code + 24-bit transaction ID */
  
-       /* coverity[tainted_data] */
         memcpy(&t->client_id[0], option + 4, option_len);
         t->client_id_len = option_len;
author	James Jones <jejones3141@gmail.com>
	Thu, 15 Jun 2023 23:11:48 +0000 (18:11 -0500)
committer	GitHub <noreply@github.com>
	Thu, 15 Jun 2023 23:11:48 +0000 (19:11 -0400)