it helps to check for overflow

author Alan T. DeKok <aland@freeradius.org>

Sun, 13 Mar 2022 10:52:33 +0000 (06:52 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Sun, 13 Mar 2022 10:52:33 +0000 (06:52 -0400)
author Alan T. DeKok <aland@freeradius.org>
Sun, 13 Mar 2022 10:52:33 +0000 (06:52 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Sun, 13 Mar 2022 10:52:33 +0000 (06:52 -0400)
diff --git a/src/protocols/dhcpv4/decode.c b/src/protocols/dhcpv4/decode.c

index 070dd7159efa242ab890fa4898a6598c3ec2be64..601d99fea64eee952b7320af3fd27ef7b00dbd1b 100644 (file)
--- a/src/protocols/dhcpv4/decode.c
+++ b/src/protocols/dhcpv4/decode.c
@@ -589,6 +589,8 @@ ssize_t fr_dhcpv4_decode_option(TALLOC_CTX *ctx, fr_pair_list_t *out,
  
                 for (next = data; next < end; next += 2 + next[1]) {
                         if (next[0] != data[0]) break;
+                       if ((next + 2 + next[1]) > end) return -1;
+
                         memcpy(q, next + 2, next[1]);
                         q += next[1];
                 }
author	Alan T. DeKok <aland@freeradius.org>
	Sun, 13 Mar 2022 10:52:33 +0000 (06:52 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Sun, 13 Mar 2022 10:52:33 +0000 (06:52 -0400)