pxe/tftp: Clamp DHCP cached packet copy to firmware-reported buffer size
diff --git a/common/pxe/tftp.s2.c b/common/pxe/tftp.s2.c
index 4fe1d078..46dbdef6 100644
--- a/common/pxe/tftp.s2.c
+++ b/common/pxe/tftp.s2.c
@@ -25,7 +25,9 @@ static uint32_t get_boot_server_info(void) {
}
struct bootph *ph = (struct bootph*)(void *) (((((uint32_t)cachedinfo.buffer) >> 16) << 4) + (((uint32_t)cachedinfo.buffer) & 0xFFFF));
if (!cached_dhcp_ack_valid) {
- memcpy(cached_dhcp_packet, ph, DHCP_ACK_PACKET_LEN);
+ size_t copy_len = cachedinfo.buffer_size < DHCP_ACK_PACKET_LEN
+ ? cachedinfo.buffer_size : DHCP_ACK_PACKET_LEN;
+ memcpy(cached_dhcp_packet, ph, copy_len);
cached_dhcp_ack_valid = true;
}
return ph->sip;
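Review bot: When `cachedinfo.buffer_size` is smaller than `DHCP_ACK_PACKET_LEN`, the clamped `memcpy` leaves the tail of `cached_dhcp_packet` unwritten while `cached_dhcp_ack_valid` is still set to true, so later consumers of the cache may parse leftover bytes as DHCP fields or options. Zeroing the remainder right after the copy makes a short packet well-defined: `memset((uint8_t *)cached_dhcp_packet + copy_len, 0, DHCP_ACK_PACKET_LEN - copy_len);` (this assumes the cache is at least `DHCP_ACK_PACKET_LEN` bytes, as the old unconditional copy implied). Separately, `return ph->sip;` still dereferences the firmware buffer without checking that `buffer_size` covers the `sip` field; a guard on `cachedinfo.buffer_size < offsetof(struct bootph, sip) + sizeof(ph->sip)` before the read would bound it, with the failure return value chosen to match what callers already treat as "no server". The function starts above the hunk and its closing brace lies outside it, so how the earlier error paths return is not visible here.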
