From: Hans Dedecker Date: Fri, 27 Dec 2013 14:55:24 +0000 (+0100) Subject: Drop DHCPv6 messages containing invalid option length X-Git-Tag: debian/1.1+git20160131-1~107^2~1 X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=163c4ef809bae670524df2d55e24635dd78bfd34;p=odhcp6c.git Drop DHCPv6 messages containing invalid option length --- diff --git a/src/dhcpv6.c b/src/dhcpv6.c index cd8e438..8d65219 100644 --- a/src/dhcpv6.c +++ b/src/dhcpv6.c @@ -623,7 +623,7 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, } } - if (!options_valid) + if (!options_valid || ((odata + olen) > end)) return false; if (type == DHCPV6_MSG_INFO_REQ && ia_present)