X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fdhcp%2Fdhcp_api.c;h=d2e423572fb38e2e7ef4ed7c2f9c06259c3f4721;hb=7784140f2bd2d5ae44f2be1507ac25f102006155;hp=a5163ca2e9510d081284b1f8633f7199517297d0;hpb=00217cb192be43e2bc3fcacb5440fb0a4a733c0b;p=vpp.git

diff --git a/src/plugins/dhcp/dhcp_api.c b/src/plugins/dhcp/dhcp_api.c
index a5163ca2e95..d2e423572fb 100644
--- a/src/plugins/dhcp/dhcp_api.c
+++ b/src/plugins/dhcp/dhcp_api.c
@@ -549,6 +549,12 @@ void
   params.T1 = ntohl (mp->T1);
   params.T2 = ntohl (mp->T2);
   n_addresses = ntohl (mp->n_addresses);
+  /* Make sure that the number of addresses is sane */
+  if (n_addresses * sizeof (params.addresses) > vl_msg_api_max_length (mp))
+    {
+      rv = VNET_API_ERROR_INVALID_VALUE;
+      goto bad_sw_if_index;
+    }
   params.addresses = 0;
   if (n_addresses > 0)
     vec_validate (params.addresses, n_addresses - 1);
@@ -593,6 +599,14 @@ void
   params.T1 = ntohl (mp->T1);
   params.T2 = ntohl (mp->T2);
   n_prefixes = ntohl (mp->n_prefixes);
+
+  /* Minimal check to see that the number of prefixes is sane */
+  if (n_prefixes * sizeof (params.prefixes) > vl_msg_api_max_length (mp))
+    {
+      rv = VNET_API_ERROR_INVALID_VALUE;
+      goto bad_sw_if_index;
+    }
+
   params.prefixes = 0;
   if (n_prefixes > 0)
     vec_validate (params.prefixes, n_prefixes - 1);