[B.A.T.M.A.N.] [PATCH] batman-adv: fix wrong dhcp option list browsing

From: Antonio Quartulli <hidden>
Date: 2012-02-27 10:29:53
Subsystem: the rest · Maintainer: Linus Torvalds

In is_type_dhcprequest(), while parsing a DHCP message, if the entry we found in
the option list is neither a padding nor the dhcp-type, we have to ignore it and
jump as many bytes as its length + 1. The "+ 1" byte is given by the subtype
field itself that has to be jumped too.

Reported-by: Marek Lindner <redacted>
Signed-off-by: Antonio Quartulli <redacted>
---
 gateway_client.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/gateway_client.c b/gateway_client.c
index 65a77a1..1f7e92d 100644
--- a/gateway_client.c
+++ b/gateway_client.c

@@ -563,10 +563,10 @@ static bool is_type_dhcprequest(struct sk_buff *skb, int header_len)
 			p++;
 
 			/* ...and then we jump over the data */
-			if (pkt_len < *p)
+			if (pkt_len < 1 + (*p))
 				goto out;
-			pkt_len -= *p;
-			p += (*p);
+			pkt_len -= 1 + (*p);
+			p += 1 + (*p);
 		}
 	}
 out:

-- 
1.7.3.4

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help