From: James Jones <jejones3141@gmail.com>
Date: Thu, 15 Jun 2023 23:11:48 +0000 (-0500)
Subject: Help coverity see validation of option_len (#5064)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7832608debf040d46117012a547475ae79c99c8d;p=thirdparty%2Ffreeradius-server.git

Help coverity see validation of option_len (#5064)
---

diff --git a/src/listen/dhcpv6/proto_dhcpv6_udp.c b/src/listen/dhcpv6/proto_dhcpv6_udp.c
index 9c952d1b91e..c1ae787fac9 100644
--- a/src/listen/dhcpv6/proto_dhcpv6_udp.c
+++ b/src/listen/dhcpv6/proto_dhcpv6_udp.c
@@ -426,7 +426,7 @@ static void *mod_track_create(UNUSED void const *instance, UNUSED void *thread_i
 
 	option_len = fr_nbo_to_uint16(option + 2);
 
-	if ((option + option_len) > (packet + packet_len)) return NULL;
+	if (option_len > ((packet - option) + packet_len)) return NULL;
 
 	t = (proto_dhcpv6_track_t *) talloc_zero_array(track, uint8_t, t_size + option_len);
 	if (!t) return NULL;
@@ -435,7 +435,6 @@ static void *mod_track_create(UNUSED void const *instance, UNUSED void *thread_i
 
 	memcpy(&t->header, packet, 4); /* packet code + 24-bit transaction ID */
 
-	/* coverity[tainted_data] */
 	memcpy(&t->client_id[0], option + 4, option_len);
 	t->client_id_len = option_len;