From ab4f9eeb7b56c03d42db8eeb8ffe6df4b8b53e28 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 24 Jan 2022 04:49:30 +0900
Subject: [PATCH] sd-dhcp-server: fix heap buffer overflow

This checks client hardware length earlier.
---
 src/libsystemd-network/sd-dhcp-server.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
index 38c202975fa..ec9202d02ee 100644
--- a/src/libsystemd-network/sd-dhcp-server.c
+++ b/src/libsystemd-network/sd-dhcp-server.c
@@ -724,6 +724,9 @@ static int ensure_sane_request(sd_dhcp_server *server, DHCPRequest *req, DHCPMes
 
         req->message = message;
 
+        if (message->hlen > sizeof(message->chaddr))
+                return -EBADMSG;
+
         /* set client id based on MAC address if client did not send an explicit one */
         if (!req->client_id.data) {
                 uint8_t *data;
@@ -742,9 +745,6 @@ static int ensure_sane_request(sd_dhcp_server *server, DHCPRequest *req, DHCPMes
                 req->client_id.data = data;
         }
 
-        if (message->hlen > sizeof(message->chaddr))
-                return -EBADMSG;
-
         if (message->hlen == 0 || memeqzero(message->chaddr, message->hlen)) {
                 /* See RFC2131 section 4.1.1.
                  * hlen and chaddr may not be set for non-ethernet interface.
-- 
2.47.3