emo/ndhc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

get_raw_packet: The read length check is stricter than necessary.

Browse Source 
Allow reads with excess data beyond the packet to succeed if the
packet is still well-formed.
This commit is contained in:
Nicholas J. Kain 2015-02-14 01:40:06 -05:00
parent a7cb063f0c
commit 70c750f50c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/dhcp.c
View File

@ -195,7 +195,7 @@ static ssize_t get_raw_packet(struct client_state_t cs[static 1],
return -1;
}
size_t iphdrlen = ntohs(packet.ip.tot_len);
if ((size_t)inc != iphdrlen)
if ((size_t)inc < iphdrlen)
return -2;
if (!cs->using_dhcp_bpf && !get_raw_packet_validate_bpf(&packet))
return -2;