dhcpd, dhclient and dhcrelay have not-quite-in-sync versions of packet.c;
the one in dhcrelay is missing this check present in the others.
OK to add it?
Index: packet.c
===================================================================
RCS file: /cvs/src/usr.sbin/dhcrelay/packet.c,v
retrieving revision 1.5
diff -u -p -r1.5 packet.c
--- packet.c 25 Oct 2014 03:23:49 -0000 1.5
+++ packet.c 13 Jan 2016 10:52:18 -0000
@@ -223,7 +223,7 @@ decode_udp_ip_header(struct interface_in
data = buf + bufix + ip_len + sizeof(*udp);
len = ntohs(udp->uh_ulen) - sizeof(*udp);
udp_packets_length_checked++;
- if (len + data > buf + bufix + buflen) {
+ if ((len < 0) || (len + data > buf + bufix + buflen)) {
udp_packets_length_overflow++;
if (udp_packets_length_checked > 4 &&
udp_packets_length_overflow != 0 &&
