sd-dhcp6-lease: ignore invalid byte(s) at the end of the packet

Oracle Cloud sends malformed DHCPv6 replies that have an invalid
byte at the end, which cannot be parsed as an option code.

networkd currently can cope with the invalid option (it is ignored),
but the whole packet is ignored altogether because of the additional
null at the end.

It's better to be liberal in what we accept and actually assign an
address, given that the reply contains a valid IA_NA.

Fixes #28183.

diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c
index d14c412c1fb8057a8fcf9b29962ffc5865de9be2..1c6b231db6abef4e96d5ab87cbe95450fe387271 100644 (file)
--- a/src/libsystemd-network/sd-dhcp6-lease.c
+++ b/src/libsystemd-network/sd-dhcp6-lease.c
@@ -465,6 +465,11 @@ static int dhcp6_lease_parse_message(
                 size_t optlen;
                 const uint8_t *optval;
 
+                if (len - offset < offsetof(DHCP6Option, data)) {
+                        log_dhcp6_client(client, "Ignoring %zu invalid byte(s) at the end of the packet", len - offset);
+                        break;
+                }
+
                 r = dhcp6_option_parse(message->options, len, &offset, &optcode, &optlen, &optval);
                 if (r < 0)
                         return log_dhcp6_client_errno(client, r,