dhcpv4: Fix a panic in parsing of route options

When parsing a route option with a mask size >32, there would be a panic
at option_routes.go:47 as user-supplied data is used without
verification for a slice bound, causing a read of masksize/8, whic is
possibly >4 bytes. Instead reject the invalid route

Signed-off-by: Anatole Denis <natolumin@unverle.fr>

1 files changed, 9 insertions, 5 deletions

diff --git a/dhcpv4/option_routes_test.go b/dhcpv4/option_routes_test.go
index 19e331b..33f0ce7 100644
--- a/dhcpv4/option_routes_test.go
+++ b/dhcpv4/option_routes_test.go
@@ -16,9 +16,9 @@ func mustParseIPNet(s string) *net.IPNet {
 
 func TestParseRoutes(t *testing.T) {
 	for _, tt := range []struct {
-		p    []byte
-		want Routes
-		err  error
+		p       []byte
+		want    Routes
+		wantErr bool
 	}{
 		{
 			p: []byte{32, 10, 2, 3, 4, 0, 0, 0, 0},
@@ -51,10 +51,14 @@ func TestParseRoutes(t *testing.T) {
 				},
 			},
 		},
+		{
+			p:       []byte{64, 10, 2, 3, 4},
+			wantErr: true, // Mask length 64 > 32
+		},
 	} {
 		var r Routes
-		if err := r.FromBytes(tt.p); err != tt.err {
-			t.Errorf("FromBytes(%v) = %v, want %v", tt.p, err, tt.err)
+		if err := r.FromBytes(tt.p); (err != nil) != tt.wantErr {
+			t.Errorf("FromBytes(%v) Unexpected error state: %v", tt.p, err)
 		}
 
 		if !reflect.DeepEqual(r, tt.want) {