From ba553e5d944bcbc00a53a8a0bc0851058f5b074a Mon Sep 17 00:00:00 2001 From: "Nicholas J. Kain" Date: Sun, 14 Nov 2010 07:50:21 -0500 Subject: [PATCH] Clean up end_option(), and fix a possible off-by-one in the bound check. --- ndhc/options.c | 11 +++++------ ndhc/options.h | 2 +- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/ndhc/options.c b/ndhc/options.c index 7b61480..585cda9 100644 --- a/ndhc/options.c +++ b/ndhc/options.c @@ -116,17 +116,16 @@ uint8_t* get_option(struct dhcpMessage *packet, int code) } /* return the position of the 'end' option */ -int end_option(unsigned char *optionptr) +int end_option(uint8_t *optionptr) { int i = 0; while (i < DHCP_OPTIONS_BUFSIZE && optionptr[i] != DHCP_END) { - if (optionptr[i] == DHCP_PADDING) - ++i; - else - i += optionptr[i + OPT_LEN] + 2; + if (optionptr[i] != DHCP_PADDING) + i += optionptr[i + OPT_LEN] + OPT_DATA - 1; + i++; } - return (i < DHCP_OPTIONS_BUFSIZE ? i : DHCP_OPTIONS_BUFSIZE); + return (i < DHCP_OPTIONS_BUFSIZE - 1 ? i : DHCP_OPTIONS_BUFSIZE - 1); } diff --git a/ndhc/options.h b/ndhc/options.h index 9347b0a..9654269 100644 --- a/ndhc/options.h +++ b/ndhc/options.h @@ -31,7 +31,7 @@ extern struct dhcp_option options[]; extern int option_lengths[]; uint8_t *get_option(struct dhcpMessage *packet, int code); -int end_option(unsigned char *optionptr); +int end_option(uint8_t *optionptr); int add_option_string(unsigned char *optionptr, unsigned char *string); int add_simple_option(unsigned char *optionptr, unsigned char code, uint32_t data); struct option_set *find_option(struct option_set *opt_list, char code);