From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 15 Nov 2023 04:46:31 +0000 (+0900)
Subject: sd-dhcp6-client: fix DUID data length passed to hexmem()
X-Git-Tag: v255-rc2~10^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fdf759e3ae0d190c533f6e38decd3be8c53f46cc;p=thirdparty%2Fsystemd.git

sd-dhcp6-client: fix DUID data length passed to hexmem()

Fixes a bug introduced by 6b7d5b6eaf9029b88771ae0ba3cf3c95adb3c24d.
---

diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
index 08b8676850a..c339dfbec2e 100644
--- a/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/libsystemd-network/sd-dhcp6-client.c
@@ -276,7 +276,7 @@ int sd_dhcp6_client_duid_as_string(
         int r;
 
         assert_return(client, -EINVAL);
-        assert_return(client->duid_len > 0, -ENODATA);
+        assert_return(client->duid_len > offsetof(struct duid, raw.data), -ENODATA);
         assert_return(duid, -EINVAL);
 
         v = duid_type_to_string(be16toh(client->duid.type));
@@ -290,7 +290,7 @@ int sd_dhcp6_client_duid_as_string(
                         return -ENOMEM;
         }
 
-        t = hexmem(&client->duid.raw.data, client->duid_len);
+        t = hexmem(client->duid.raw.data, client->duid_len - offsetof(struct duid, raw.data));
         if (!t)
                 return -ENOMEM;