From: Roy Marples <roy@marples.name>
Date: Wed, 18 Nov 2015 13:52:52 +0000 (+0000)
Subject: Protect against underflow.
X-Git-Tag: v6.9.4~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef848a73ae069f31248b92920e4abdba44b49b1f;p=thirdparty%2Fdhcpcd.git

Protect against underflow.
---

diff --git a/dhcp6.c b/dhcp6.c
index 5caf0f34..06b280a5 100644
--- a/dhcp6.c
+++ b/dhcp6.c
@@ -2185,6 +2185,7 @@ dhcp6_readlease(struct interface *ifp, int validate)
 	struct timespec acquired;
 	time_t now;
 	int retval;
+	size_t newlen;
 	void *newnew;
 
 	state = D6_STATE(ifp);
@@ -2217,14 +2218,15 @@ dhcp6_readlease(struct interface *ifp, int validate)
 			retval = 0;
 			break;
 		}
-		state->new_len += BUFSIZ;
-		if (state->new_len > UINT32_MAX) {
+		newlen = state->new_len + BUFSIZ;
+		if (newlen > UINT32_MAX || newlen < state->new_len) {
 			errno = E2BIG;
 			break;
 		}
-		if ((newnew = realloc(state->new, state->new_len)) == NULL)
+		if ((newnew = realloc(state->new, newlen)) == NULL)
 			break;
 		state->new = newnew;
+		state->new_len = newlen;
 	}
 	close(fd);
 	if (retval == -1)