Google Git
Sign in
fuchsia / third_party / android / platform / system / core / refs/tags/android-8.1.0_r18^1..refs/tags/android-8.1.0_r18 / .
commitac8169f45dc9e5332d3ec24d0b14f812668b0c8e[log] [tgz]
authorandroid-build-team Robot <android-build-team-robot@google.com>Wed Nov 29 18:11:44 2017 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>Wed Nov 29 18:11:44 2017 +0000
treef0b9026cb10d9d270231e647c78988abfe516537
parentabac6c7eedd2d5b06ebd133c4deb53e269c2e924 [diff]
parentde98024485397755232212ff862ffb2a2ca4f08f [diff]
Merge cherrypicks of [3287457, 3287458, 3286978, 3286979, 3287477, 3287478, 3287479, 3287480, 3287517, 3287518, 3287537, 3287538, 3287539, 3287540, 3287481, 3287482, 3287483, 3287484, 3287485, 3287486, 3287487, 3287488, 3287359, 3287459, 3287360, 3287361, 3287362, 3287363, 3287364, 3287365, 3287366, 3287367, 3287489, 3287490, 3287491, 3287557, 3287577, 3287558, 3287492, 3287493, 3287597, 3287617, 3286980, 3287460, 3287494] into oc-m3-release

Change-Id: I493e5863f5ffc6e3e8496969a7421d2af6dc23a2

diff --git a/libnetutils/packet.c b/libnetutils/packet.c
index e53a4c8..9ecdd4f 100644
--- a/libnetutils/packet.c
+++ b/libnetutils/packet.c

@@ -218,6 +218,20 @@
      * to construct the pseudo header used in the checksum calculation.
      */
     dhcp_size = ntohs(packet.udp.len) - sizeof(packet.udp);
+    /*
+     * check validity of dhcp_size.
+     * 1) cannot be negative or zero.
+     * 2) src buffer contains enough bytes to copy
+     * 3) cannot exceed destination buffer
+     */
+    if ((dhcp_size <= 0) ||
+        ((int)(nread - sizeof(struct iphdr) - sizeof(struct udphdr)) < dhcp_size) ||
+        ((int)sizeof(struct dhcp_msg) < dhcp_size)) {
+#if VERBOSE
+        ALOGD("Malformed Packet");
+#endif
+        return -1;
+    }
     saddr = packet.ip.saddr;
     daddr = packet.ip.daddr;
     nread = ntohs(packet.ip.tot_len);