Add more explicit length checks for get_raw_packet.
This commit is contained in:
parent
2518e0a2bc
commit
12114c9bae
14
src/dhcp.c
14
src/dhcp.c
@ -186,7 +186,7 @@ static ssize_t get_raw_packet(struct client_state_t *cs,
|
|||||||
}
|
}
|
||||||
size_t iphdrlen = ntohs(packet.ip.tot_len);
|
size_t iphdrlen = ntohs(packet.ip.tot_len);
|
||||||
if ((size_t)inc != iphdrlen) {
|
if ((size_t)inc != iphdrlen) {
|
||||||
log_warning("%s: UDP length [%zd] does not match header length field [%zu].",
|
log_error("%s: UDP length [%zd] does not match header length field [%zu].",
|
||||||
client_config.interface, inc, iphdrlen);
|
client_config.interface, inc, iphdrlen);
|
||||||
return -2;
|
return -2;
|
||||||
}
|
}
|
||||||
@ -194,7 +194,7 @@ static ssize_t get_raw_packet(struct client_state_t *cs,
|
|||||||
return -2;
|
return -2;
|
||||||
|
|
||||||
if (!ip_checksum(&packet)) {
|
if (!ip_checksum(&packet)) {
|
||||||
log_warning("%s: IP header checksum incorrect.",
|
log_error("%s: IP header checksum incorrect.",
|
||||||
client_config.interface);
|
client_config.interface);
|
||||||
return -2;
|
return -2;
|
||||||
}
|
}
|
||||||
@ -203,7 +203,17 @@ static ssize_t get_raw_packet(struct client_state_t *cs,
|
|||||||
client_config.interface);
|
client_config.interface);
|
||||||
return -2;
|
return -2;
|
||||||
}
|
}
|
||||||
|
if (iphdrlen <= sizeof packet.ip + sizeof packet.udp) {
|
||||||
|
log_error("%s: Packet received that is too small (%zu bytes).",
|
||||||
|
iphdrlen);
|
||||||
|
return -2;
|
||||||
|
}
|
||||||
size_t l = iphdrlen - sizeof packet.ip - sizeof packet.udp;
|
size_t l = iphdrlen - sizeof packet.ip - sizeof packet.udp;
|
||||||
|
if (l > sizeof *payload) {
|
||||||
|
log_error("%s: Packet received that is too long (%zu bytes).",
|
||||||
|
l);
|
||||||
|
return -2;
|
||||||
|
}
|
||||||
memcpy(payload, &packet.data, l);
|
memcpy(payload, &packet.data, l);
|
||||||
return l;
|
return l;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user