From 163c4ef809bae670524df2d55e24635dd78bfd34 Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Fri, 27 Dec 2013 15:55:24 +0100 Subject: [PATCH] Drop DHCPv6 messages containing invalid option length --- src/dhcpv6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/dhcpv6.c b/src/dhcpv6.c index cd8e438..8d65219 100644 --- a/src/dhcpv6.c +++ b/src/dhcpv6.c @@ -623,7 +623,7 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, } } - if (!options_valid) + if (!options_valid || ((odata + olen) > end)) return false; if (type == DHCPV6_MSG_INFO_REQ && ia_present) -- 2.30.2