dhcp: Clarify range checks in valid UDP packets

diff --git a/src/dhcp.c b/src/dhcp.c
index b64254a72fe8497b28757c7e0e45573f7053976b..6a3a02de995e2f3fa036d7e86bb381d3a5a0ff05 100644 (file)
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -3276,7 +3276,7 @@ valid_udp_packet(void *data, size_t data_len, struct in_addr *from,
        struct bootp_pkt *p;
        uint16_t bytes;
 
-       if (data_len < sizeof(p->ip) + sizeof(p->udp)) {
+       if (data_len < sizeof(p->ip)) {
                if (from)
                        from->s_addr = INADDR_ANY;
                errno = ERANGE;
@@ -3291,6 +3291,12 @@ valid_udp_packet(void *data, size_t data_len, struct in_addr *from,
        }
 
        bytes = ntohs(p->ip.ip_len);
+       /* Check we have a payload */
+       if (bytes <= sizeof(p->ip) + sizeof(p->udp)) {
+               errno = ERANGE;
+               return -1;
+       }
+       /* Check we don't go beyond the payload */
        if (bytes > data_len) {
                errno = ENOBUFS;
                return -1;