Check for unsupported PD exclusion configuration in dhcpv6_parse_ia

We currently only support PD exclusions that only affect bits 64-95 of the address, so we require: 32 <= PD prefix length < exclusion prefix length <= 64 The first inequality was not validated, and this could result in a buffer overflow when generating the next request message. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
sbyx · Jan 28, 2016 · abe9d1b · abe9d1b
1 parent b0d1c58
commit abe9d1b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/dhcpv6.c b/src/dhcpv6.c
@@ -1185,7 +1185,7 @@ static int dhcpv6_parse_ia(void *opt, void *end)
 				if (elen > 64)
 					elen = 64;
 
-				if (elen <= 32 || elen <= entry.length) {
+				if (entry.length < 32 || elen <= entry.length) {
 					ok = false;
 					continue;
 				}