authorCampus <campus@ntop.org>2017-02-13 13:03:27 +0100
committerCampus <campus@ntop.org>2017-02-13 13:03:27 +0100
commit363b38ceb015530fa1f054c24ebe6c55483e64c1 (patch)
tree17b5f94c3bc5d5c904fd9a82b74c281877dde57a /src
parente2cfc96577be5fe97cd5ce63ac30b23cbfadce84 (diff)
fix dhcp buffer overflow
Diffstat (limited to 'src')
-rw-r--r--src/lib/protocols/dhcp.c49
1 files changed, 25 insertions, 24 deletions
diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c
index f597d6ced..38711c911 100644
--- a/src/lib/protocols/dhcp.c
+++ b/src/lib/protocols/dhcp.c
@@ -78,34 +78,35 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
while(i < DHCP_VEND_LEN) {
u_int8_t id = dhcp->options[i];
- u_int8_t len = dhcp->options[i+1];
-
- if(len == 0) break;
-
+ if(id == 0xFF) break;
+ else {
+ u_int8_t len = dhcp->options[i+1];
+
+ if(len == 0) break;
+
#ifdef DHCP_DEBUG
- printf("[DHCP] Id=%d [len=%d]\n", id, len);
+ printf("[DHCP] Id=%d [len=%d]\n", id, len);
#endif
-
- if(id == 53 /* DHCP Message Type */) {
- u_int8_t msg_type = dhcp->options[i+2];
-
- if(msg_type <= 8) foundValidMsgType = 1;
- } else if(id == 12 /* Host Name */) {
- char *name = (char*)&dhcp->options[i+2];
- int j = 0;
-
+
+ if(id == 53 /* DHCP Message Type */) {
+ u_int8_t msg_type = dhcp->options[i+2];
+
+ if(msg_type <= 8) foundValidMsgType = 1;
+ } else if(id == 12 /* Host Name */) {
+ char *name = (char*)&dhcp->options[i+2];
+ int j = 0;
+
#ifdef DHCP_DEBUG
- printf("[DHCP] ");
- while(j < len) { printf("%c", name[j]); j++; }
- printf("\n");
+ printf("[DHCP] ");
+ while(j < len) { printf("%c", name[j]); j++; }
+ printf("\n");
#endif
- j = ndpi_min(len, sizeof(flow->host_server_name)-1);
- strncpy((char*)flow->host_server_name, name, j);
- flow->host_server_name[j] = '\0';
- } else if(id == 0xFF)
- break;
-
- i += len + 2;
+ j = ndpi_min(len, sizeof(flow->host_server_name)-1);
+ strncpy((char*)flow->host_server_name, name, j);
+ flow->host_server_name[j] = '\0';
+ }
+ i += len + 2;
+ }
}
//get_u_int16_t(packet->payload, 240) == htons(0x3501)) {
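Review bot: The option length is still trusted without being checked against the space left in the options area: in the new `else` branch `len` comes from `dhcp->options[i+1]`, after which `options[i+2]` and up to `len` bytes of `name` are read (by the debug loop and by `strncpy`), so an option placed near the end of the area can still read out of bounds, even though the write into `flow->host_server_name` is capped by `ndpi_min`. Assuming DHCP_VEND_LEN is the size of `dhcp->options`, the loop should require room for the two-byte option header, `while(i + 1 < DHCP_VEND_LEN)`, and stop on an option that overruns the area right after `len` is read, `if(i + 2 + len > DHCP_VEND_LEN) break;`. Whether the captured payload is verified to be at least as long as the fixed-size DHCP structure is decided outside this hunk and is worth confirming, because the loop bound alone does not cover truncated packets. The pad option (id 0) carries no length byte, so it would be cleaner to skip it with `i++` than to interpret the following byte as its length.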