From: Hans Dedecker Date: Fri, 27 Dec 2013 14:55:24 +0000 (+0100) Subject: Drop DHCPv6 messages containing invalid option length X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=163c4ef809bae670524df2d55e24635dd78bfd34;p=project%2Fodhcp6c.git Drop DHCPv6 messages containing invalid option length --- diff --git a/src/dhcpv6.c b/src/dhcpv6.c index cd8e438..8d65219 100644 --- a/src/dhcpv6.c +++ b/src/dhcpv6.c @@ -623,7 +623,7 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, } } - if (!options_valid) + if (!options_valid || ((odata + olen) > end)) return false; if (type == DHCPV6_MSG_INFO_REQ && ia_present)