X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=src%2Fdhcpv6.c;h=75bc50e84e89f641f0b6f450650f86c60f1b83b3;hb=1339588a2a1143e4029a9e7558130c9b17fd6a3e;hp=cd8e43800dca33315047cd000262a5697c985be5;hpb=3510cb4f1acb27e3ce40b85f557db4a29967f7c3;p=odhcp6c.git

diff --git a/src/dhcpv6.c b/src/dhcpv6.c
index cd8e438..75bc50e 100644
--- a/src/dhcpv6.c
+++ b/src/dhcpv6.c
@@ -569,7 +569,11 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len,
 	void *server_id = odhcp6c_get_state(STATE_SERVER_ID, &server_id_len);
 
 	dhcpv6_for_each_option(&rep[1], end, otype, olen, odata) {
-		if (otype == DHCPV6_OPT_CLIENTID) {
+		if ((odata + olen) > end) {
+			options_valid = false;
+			break;
+		}
+		else if (otype == DHCPV6_OPT_CLIENTID) {
 			clientid_ok = (olen + 4U == client_id_len) && !memcmp(
 					&odata[-4], client_id, client_id_len);
 		} else if (otype == DHCPV6_OPT_SERVERID) {