From: Roy Marples <roy@marples.name>
Date: Thu, 19 Dec 2019 15:36:31 +0000 (+0000)
Subject: DHCP: Ensure we have a lease to extract options from.
X-Git-Tag: v9.0.0~163
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91c9b756dce4de7d61e538fadc218ec7b7479f6c;p=thirdparty%2Fdhcpcd.git

DHCP: Ensure we have a lease to extract options from.
---

diff --git a/src/dhcp.c b/src/dhcp.c
index 635e5247..04bddc20 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -177,6 +177,11 @@ get_option(struct dhcpcd_ctx *ctx,
 	const uint8_t *op;
 	size_t bl;
 
+	if (bootp == NULL || bootp_len < DHCP_MIN_LEN) {
+		errno = EINVAL;
+		return NULL;
+	}
+
 	/* Check we have the magic cookie */
 	if (!IS_DHCP(bootp)) {
 		errno = ENOTSUP;
@@ -1180,7 +1185,7 @@ read_lease(struct interface *ifp, struct bootp **bootp)
 	 * (it should be more, and our read packet enforces this so this
 	 * code should not be needed, but of course people could
 	 * scribble whatever in the stored lease file. */
-	if (bytes < offsetof(struct bootp, vend) + 4) {
+	if (bytes < DHCP_MIN_LEN) {
 		free(lease);
 		logerrx("%s: %s: truncated lease", ifp->name, __func__);
 		return 0;
diff --git a/src/dhcp.h b/src/dhcp.h
index 62fa94bb..d895e341 100644
--- a/src/dhcp.h
+++ b/src/dhcp.h
@@ -164,6 +164,8 @@ struct bootp {
 	/* DHCP allows a variable length vendor area */
 };
 
+#define	DHCP_MIN_LEN		(offsetof(struct bootp, vend) + 4)
+
 struct bootp_pkt
 {
 	struct ip ip;