chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sd-dhcp-client: recevie_message - verify cmsg_len before reading
[elogind.git] / src / libsystemd-network / sd-dhcp-client.c
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
index da41c478eaeb477ba286001e5517abc6014ccca9..392e294ae43e27fe404c30c03542347e201eb99b 100644 (file)
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -1124,8 +1124,10 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
                 return 0;
 
         for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
                 return 0;
 
         for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
-                if (cmsg->cmsg_level == SOL_PACKET && cmsg->cmsg_type == PACKET_AUXDATA) {
-                        struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg);
+                if (cmsg->cmsg_level == SOL_PACKET &&
+                    cmsg->cmsg_type == PACKET_AUXDATA &&
+                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct tpacket_auxdata))) {
+                        struct tpacket_auxdata *aux = (struct tpacket_auxdata*)CMSG_DATA(cmsg);
 
                         checksum = !(aux->tp_status & TP_STATUS_CSUMNOTREADY);
                         break;
 
                         checksum = !(aux->tp_status & TP_STATUS_CSUMNOTREADY);
                         break;
Unnamed repository; edit this file 'description' to name the repository.