From 051fbea5e69c6c546cf09fdde44ca78ed6c37e42 Mon Sep 17 00:00:00 2001 From: Dirk Ziegelmeier Date: Fri, 19 Oct 2018 21:06:15 +0200 Subject: [PATCH] Fix bug #54805: IP address can not be obtained over dhcp if PBUF_POOL_BUFSIZE is too small Patch by Christoph Chang --- src/core/ipv4/dhcp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/core/ipv4/dhcp.c b/src/core/ipv4/dhcp.c index 55950d8e..76b9f682 100644 --- a/src/core/ipv4/dhcp.c +++ b/src/core/ipv4/dhcp.c @@ -1508,6 +1508,7 @@ dhcp_parse_reply(struct pbuf *p, struct dhcp *dhcp) u8_t *options; u16_t offset; u16_t offset_max; + u16_t options_offset; u16_t options_idx; u16_t options_idx_max; struct pbuf *q; @@ -1540,6 +1541,7 @@ dhcp_parse_reply(struct pbuf *p, struct dhcp *dhcp) options_idx_max = p->tot_len; again: q = p; + options_offset = options_idx; while ((q != NULL) && (options_idx >= q->len)) { options_idx = (u16_t)(options_idx - q->len); options_idx_max = (u16_t)(options_idx_max - q->len); @@ -1613,7 +1615,7 @@ again: case (DHCP_OPTION_OVERLOAD): LWIP_DHCP_INPUT_ERROR("len == 1", len == 1, return ERR_VAL;); /* decode overload only in options, not in file/sname: invalid packet */ - LWIP_DHCP_INPUT_ERROR("overload in file/sname", options_idx == DHCP_OPTIONS_OFS, return ERR_VAL;); + LWIP_DHCP_INPUT_ERROR("overload in file/sname", options_offset == DHCP_OPTIONS_OFS, return ERR_VAL;); decode_idx = DHCP_OPTION_IDX_OVERLOAD; break; case (DHCP_OPTION_MESSAGE_TYPE):