From: Roy Marples <roy@marples.name>
Date: Wed, 1 Jun 2016 05:44:22 +0000 (+0000)
Subject: We can work with saved leases without a full vendor area.
X-Git-Tag: v6.11.1~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77f0b46ed38e2dca5f663de2e3cb230d33ebaffb;p=thirdparty%2Fdhcpcd.git

We can work with saved leases without a full vendor area.
---

diff --git a/dhcp.c b/dhcp.c
index 3c25dc0f..f0057fb9 100644
--- a/dhcp.c
+++ b/dhcp.c
@@ -1165,7 +1165,12 @@ read_lease(struct interface *ifp, struct bootp **bootp)
 		return 0;
 	}
 
-	if (bytes < sizeof(**bootp)) {
+	/* Ensure the packet is at lease BOOTP sized
+	 * with a vendor area of 4 octets
+	 * (it should be more, and our read packet enforces this so this
+	 * code should not be needed, but of course people could
+	 * scribble whatever in the stored lease file. */
+	if (bytes < offsetof(struct bootp, vend) + 4) {
 		free(lease);
 		logger(ifp->ctx, LOG_ERR, "%s: truncated lease", __func__);
 		return 0;