net: bootp: Prevent buffer overflow to avoid leaking the RAM content

CVE-2024-42040 describes a possible buffer overflow when calling
bootp_process_vendor() in bootp_handler() since the total length
of the packet is passed to bootp_process_vendor() without being
reduced to len-(offsetof(struct bootp_hdr,bp_vend)+4).

The packet length is also checked against its minimum size to avoid
reading data from struct bootp_hdr outside of the packet length.

Signed-off-by: Paul HENRYS <[email protected]>
Signed-off-by: Philippe Reynes <[email protected]>

0 files changed, 0 insertions, 0 deletions