[arp] Validate length of ARP packet

There is no practical way to generate an underlength ARP packet since
an ARP packet is always padded up to the minimum Ethernet frame length
(or dropped by the receiving Ethernet hardware if incorrectly padded),
but the absence of an explicit check causes warnings from some
analysis tools.

Fix by adding an explicit check on the I/O buffer length.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/include/ipxe/if_arp.h

 	return ( arp_target_ha ( arphdr ) + arphdr->ar_hln );
 }
 
+/** ARP packet length
+ *
+ * @v arphdr	ARP header
+ * @ret len	Length (including header)
+ */
+static inline size_t arp_len ( struct arphdr *arphdr ) {
+	return ( sizeof ( *arphdr ) +
+		 ( 2 * ( arphdr->ar_hln + arphdr->ar_pln ) ) );
+}
+
 #endif	/* _IPXE_IF_ARP_H */

src/net/arp.c

 	struct arp_net_protocol *arp_net_protocol;
 	struct net_protocol *net_protocol;
 	struct ll_protocol *ll_protocol;
+	size_t len = iob_len ( iobuf );
 	int rc;
 
+	/* Sanity check */
+	if ( ( len < sizeof ( *arphdr ) ) || ( len < arp_len ( arphdr ) ) ) {
+		rc = -EINVAL;
+		goto done;
+	}
+
 	/* Identify network-layer and link-layer protocols */
 	arp_net_protocol = arp_find_protocol ( arphdr->ar_pro );
 	if ( ! arp_net_protocol ) {