From: Hans Dedecker <dedeckeh@gmail.com>
Date: Tue, 15 May 2018 20:22:30 +0000 (+0200)
Subject: dhcpv4: fix out of bound access in dhcpv4_put
X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fodhcpd.git;a=commitdiff_plain;h=f2aa383f9ca085f4e261703d71b9039b487b89bb

dhcpv4: fix out of bound access in dhcpv4_put

Detected by Coverity in CID 1433363 and 1432121

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
---

diff --git a/src/dhcpv4.c b/src/dhcpv4.c
index 2b30307..b803359 100644
--- a/src/dhcpv4.c
+++ b/src/dhcpv4.c
@@ -493,7 +493,9 @@ static void dhcpv4_put(struct dhcpv4_message *msg, uint8_t **cookie,
 		uint8_t type, uint8_t len, const void *data)
 {
 	uint8_t *c = *cookie;
-	if (*cookie + 2 + len > (uint8_t*)&msg[1])
+	uint8_t *end = (uint8_t *)msg + sizeof(*msg);
+
+	if (*cookie + 2 + len > end)
 		return;
 
 	*c++ = type;