DHCP: Ensure we have a lease to extract options from.

diff --git a/src/dhcp.c b/src/dhcp.c
index 686aee449ba92e913c2c9aa0d76164ffc84c744b..797b3ad44e661ec8281daa051a2210b89b8eb90d 100644 (file)
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -176,6 +176,11 @@ get_option(struct dhcpcd_ctx *ctx,
        const uint8_t *op;
        size_t bl;
 
+       if (bootp == NULL || bootp_len < DHCP_MIN_LEN) {
+               errno = EINVAL;
+               return NULL;
+       }
+
        /* Check we have the magic cookie */
        if (!IS_DHCP(bootp)) {
                errno = ENOTSUP;
@@ -1179,7 +1184,7 @@ read_lease(struct interface *ifp, struct bootp **bootp)
         * (it should be more, and our read packet enforces this so this
         * code should not be needed, but of course people could
         * scribble whatever in the stored lease file. */
-       if (bytes < offsetof(struct bootp, vend) + 4) {
+       if (bytes < DHCP_MIN_LEN) {
                free(lease);
                logerrx("%s: %s: truncated lease", ifp->name, __func__);
                return 0;

diff --git a/src/dhcp.h b/src/dhcp.h
index 98a8b1e48992cf5ca392928dad02ed8ec1054b27..2214e6de1dc42ca476a1ec94456e42194f7f47e8 100644 (file)
--- a/src/dhcp.h
+++ b/src/dhcp.h
@@ -164,6 +164,8 @@ struct bootp {
        /* DHCP allows a variable length vendor area */
 };
 
+#define        DHCP_MIN_LEN            (offsetof(struct bootp, vend) + 4)
+
 struct bootp_pkt
 {
        struct ip ip;