CVE-2024-42040 describes a possible buffer overflow when calling
bootp_process_vendor() in bootp_handler() since the total length
of the packet is passed to bootp_process_vendor() without being
reduced to len-(offsetof(struct bootp_hdr,bp_vend)+4).
The packet length is also checked against its minimum size to avoid
reading data from struct bootp_hdr outside of the packet length.
Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
81e5708cc2