get_end_option_idx() has a useless conditional that always evaluates to
the same value. Remove it, and introduce a slightly less useless conditional that prevents a possible one-byte-read past the end of packet. This bug could possibly cause ndhc to segfault on some architectures with extremely unlikely memory layouts and a very pathological crafted input packet.
This commit is contained in:
parent
e8687ba29f
commit
742baf6d7b
@ -124,8 +124,9 @@ ssize_t get_end_option_idx(struct dhcpmsg *packet)
|
||||
return i;
|
||||
if (packet->options[i] == DCODE_PADDING)
|
||||
continue;
|
||||
if (packet->options[i] != DCODE_PADDING)
|
||||
i += packet->options[i+1] + 1;
|
||||
if (i + 1 >= sizeof packet->options)
|
||||
break;
|
||||
i += packet->options[i+1] + 1;
|
||||
}
|
||||
log_warning("get_end_option_idx: Did not find DCODE_END marker.");
|
||||
return -1;
|
||||
|
Loading…
Reference in New Issue
Block a user