X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Flibsystemd-network%2Fdhcp-packet.c;h=4f90c283a21485a686b18704dbf1227b2a058d46;hb=2292547af9638e2b3f7e0e96a56dd6c909e516dc;hp=bed942fd84345d0af51fa80dd3b9efe973408c16;hpb=a838c939a3a50b7318efac7b960392ca8d13bb1e;p=elogind.git

diff --git a/src/libsystemd-network/dhcp-packet.c b/src/libsystemd-network/dhcp-packet.c
index bed942fd8..4f90c283a 100644
--- a/src/libsystemd-network/dhcp-packet.c
+++ b/src/libsystemd-network/dhcp-packet.c
@@ -130,6 +130,11 @@ int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum) {
                 return -EINVAL;
         }
 
+        if (packet->ip.version != IPVERSION) {
+                log_dhcp_client(client, "ignoring packet: not IPv4");
+                return -EINVAL;
+        }
+
         if (packet->ip.ihl < 5) {
                 log_dhcp_client(client, "ignoring packet: IPv4 IHL (%u words) invalid",
                                 packet->ip.ihl);
@@ -150,13 +155,13 @@ int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum) {
                 return -EINVAL;
         }
 
-        if (dhcp_packet_checksum(&packet->ip, hdrlen)) {
-                log_dhcp_client(client, "ignoring packet: invalid IP checksum");
+        /* UDP */
+
+        if (packet->ip.protocol != IPPROTO_UDP) {
+                log_dhcp_client(client, "ignoring packet: not UDP");
                 return -EINVAL;
         }
 
-        /* UDP */
-
         if (len < DHCP_IP_UDP_SIZE) {
                 log_dhcp_client(client, "ignoring packet: packet (%zu bytes) "
                                 " smaller than IP+UDP header (%u bytes)", len,
@@ -171,6 +176,22 @@ int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum) {
                 return -EINVAL;
         }
 
+        if (be16toh(packet->udp.dest) != DHCP_PORT_CLIENT) {
+                log_dhcp_client(client, "ignoring packet: to port %u, which "
+                                "is not the DHCP client port (%u)",
+                                be16toh(packet->udp.dest), DHCP_PORT_CLIENT);
+                return -EINVAL;
+        }
+
+        /* checksums - computing these is relatively expensive, so only do it
+           if all the other checks have passed
+         */
+
+        if (dhcp_packet_checksum(&packet->ip, hdrlen)) {
+                log_dhcp_client(client, "ignoring packet: invalid IP checksum");
+                return -EINVAL;
+        }
+
         if (checksum && packet->udp.check) {
                 packet->ip.check = packet->udp.len;
                 packet->ip.ttl = 0;
@@ -182,12 +203,5 @@ int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum) {
                 }
         }
 
-        if (be16toh(packet->udp.dest) != DHCP_PORT_CLIENT) {
-                log_dhcp_client(client, "ignoring packet: to port %u, which "
-                                "is not the DHCP client port (%u)",
-                                be16toh(packet->udp.dest), DHCP_PORT_CLIENT);
-                return -EINVAL;
-        }
-
         return 0;
 }