From bb7ead18609ac4f05b60adbeb4d041e58c8ae17c Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Sun, 13 Mar 2022 06:52:33 -0400
Subject: [PATCH] it helps to check for overflow

---
 src/protocols/dhcpv4/decode.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/protocols/dhcpv4/decode.c b/src/protocols/dhcpv4/decode.c
index 070dd7159ef..601d99fea64 100644
--- a/src/protocols/dhcpv4/decode.c
+++ b/src/protocols/dhcpv4/decode.c
@@ -589,6 +589,8 @@ ssize_t fr_dhcpv4_decode_option(TALLOC_CTX *ctx, fr_pair_list_t *out,
 	for (next = data; next < end; next += 2 + next[1]) {
 		if (next[0] != data[0]) break;
 
+		if ((next + 2 + next[1]) > end) return -1;
+
 		memcpy(q, next + 2, next[1]);
 		q += next[1];
 	}
-- 
2.47.3
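Review bot: The added guard `if ((next + 2 + next[1]) > end) return -1;` reads `next[1]` when the loop condition has only established `next < end`, so a trailing fragment that holds an option code but no length byte is still read one byte past the buffer before the check can reject it. The guard also forms `next + 2 + next[1]`, which can point more than one element past `end`; that is undefined pointer arithmetic in C, and comparing the remaining length avoids it: `if ((end - next) < 2 || (size_t)(end - next - 2) < next[1]) return -1;`. The hunk does not show whether an earlier pass over these bytes already guarantees a full two-byte header, nor how the buffer behind `q` is sized against the summed lengths, so a short comment at this loop stating both invariants would help. The enclosing function starts and ends outside the hunk.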