dhcpv4: fix out of bound access in dhcpv4_put

Detected by Coverity in CID 1433363 and 1432121

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

diff --git a/src/dhcpv4.c b/src/dhcpv4.c
index 81e537d3ddbb8f4b7bc6e770e213c228ced1819f..88727ac5fd59d0fe57a06eade349a0a6c3e1efdb 100644 (file)
--- a/src/dhcpv4.c
+++ b/src/dhcpv4.c
@@ -241,7 +241,9 @@ static void dhcpv4_put(struct dhcpv4_message *msg, uint8_t **cookie,
                uint8_t type, uint8_t len, const void *data)
 {
        uint8_t *c = *cookie;
-       if (*cookie + 2 + len > (uint8_t*)&msg[1])
+       uint8_t *end = (uint8_t *)msg + sizeof(*msg);
+
+       if (*cookie + 2 + len > end)
                return;
 
        *c++ = type;