|
@@ -58,6 +58,7 @@ static void cachedhcp_init ( void ) {
|
58
|
58
|
struct dhcp_packet *dhcppkt;
|
59
|
59
|
struct dhcp_packet *tmp;
|
60
|
60
|
struct dhcphdr *dhcphdr;
|
|
61
|
+ size_t max_len;
|
61
|
62
|
size_t len;
|
62
|
63
|
|
63
|
64
|
/* Do nothing if no cached DHCPACK is present */
|
|
@@ -69,23 +70,25 @@ static void cachedhcp_init ( void ) {
|
69
|
70
|
/* No reliable way to determine length before parsing packet;
|
70
|
71
|
* start by assuming maximum length permitted by PXE.
|
71
|
72
|
*/
|
72
|
|
- len = sizeof ( BOOTPLAYER_t );
|
|
73
|
+ max_len = sizeof ( BOOTPLAYER_t );
|
73
|
74
|
|
74
|
75
|
/* Allocate and populate DHCP packet */
|
75
|
|
- dhcppkt = zalloc ( sizeof ( *dhcppkt ) + len );
|
|
76
|
+ dhcppkt = zalloc ( sizeof ( *dhcppkt ) + max_len );
|
76
|
77
|
if ( ! dhcppkt ) {
|
77
|
78
|
DBGC ( colour, "CACHEDHCP could not allocate copy\n" );
|
78
|
79
|
return;
|
79
|
80
|
}
|
80
|
81
|
dhcphdr = ( ( ( void * ) dhcppkt ) + sizeof ( *dhcppkt ) );
|
81
|
82
|
copy_from_user ( dhcphdr, phys_to_user ( cached_dhcpack_phys ), 0,
|
82
|
|
- len );
|
83
|
|
- dhcppkt_init ( dhcppkt, dhcphdr, len );
|
|
83
|
+ max_len );
|
|
84
|
+ dhcppkt_init ( dhcppkt, dhcphdr, max_len );
|
84
|
85
|
|
85
|
|
- /* Resize packet to required length. If reallocation fails,
|
86
|
|
- * just continue to use the original packet.
|
|
86
|
+ /* Shrink packet to required length. If reallocation fails,
|
|
87
|
+ * just continue to use the original packet and waste the
|
|
88
|
+ * unused space.
|
87
|
89
|
*/
|
88
|
90
|
len = dhcppkt_len ( dhcppkt );
|
|
91
|
+ assert ( len <= max_len );
|
89
|
92
|
tmp = realloc ( dhcppkt, ( sizeof ( *dhcppkt ) + len ) );
|
90
|
93
|
if ( tmp )
|
91
|
94
|
dhcppkt = tmp;
|
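Review bot: The `assert ( len <= max_len )` added before the realloc() is the only check on a length parsed out of the packet copied from `cached_dhcpack_phys`, and it gives no protection in a build where assertions are compiled out. The bound presumably already holds because `dhcppkt_init()` was given `max_len`, but since the buffer is filled from memory this code did not write, a runtime clamp is cheap defence in depth: `if ( len > max_len ) len = max_len;` next to the assert. Without it, a `len` above `max_len` would turn the "shrink" into a grow, and any later use of `len` would cover heap bytes that were never copied from the cached packet. cachedhcp_init() continues past the end of this hunk, so how `len` is used after the realloc is not visible here.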