defense in depth: verify hex.DecodeString length

related to #49
rtr7 · May 27, 2020 · 4a5f55a · 4a5f55a
1 parent ead58ad
commit 4a5f55a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/internal/dhcp4d/dhcp4d.go b/internal/dhcp4d/dhcp4d.go
@@ -255,6 +255,10 @@ func (h *Handler) leasePeriodForDevice(hwAddr string) time.Duration {
 	if err != nil {
 		return h.LeasePeriod
 	}
+	if len(hwAddrPrefix) != 6 {
+		// Invalid MAC address
+		return h.LeasePeriod
+	}
 	hwAddrPrefix = hwAddrPrefix[:3]
 	i := sort.Search(len(nintendoMacPrefixes), func(i int) bool {
 		return bytes.Compare(nintendoMacPrefixes[i][:], hwAddrPrefix) >= 0