MdeModulePkg: Check for the max DHCP packet length before use it.

This patch updates the PXE driver to drop the input DHCP packet if it
exceed the maximum length.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>

MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c

@@ -912,6 +912,14 @@ PxeBcDhcpCallBack (
 
   case Dhcp4SendDiscover:
   case Dhcp4SendRequest:
+    if (Packet->Length > PXEBC_DHCP4_MAX_PACKET_SIZE) {
+      //
+      // If the to be sent packet exceeds the maximum length, abort the DHCP process.
+      //
+      Status = EFI_ABORTED;
+      break;
+    }
+    
     if (Mode->SendGUID) {
       //
       // send the system GUID instead of the MAC address as the hardware address
@@ -942,6 +950,13 @@ PxeBcDhcpCallBack (
 
   case Dhcp4RcvdOffer:
     Status = EFI_NOT_READY;
+    if (Packet->Length > PXEBC_DHCP4_MAX_PACKET_SIZE) {
+      //
+      // Ignore the incoming Offers which exceed the maximum length.
+      //
+      break;
+    }
+    
     if (Private->NumOffers < PXEBC_MAX_OFFER_NUM) {
       //
       // Cache the dhcp offers in Private->Dhcp4Offers[]
@@ -967,6 +982,14 @@ PxeBcDhcpCallBack (
     break;
 
   case Dhcp4RcvdAck:
+    if (Packet->Length > PXEBC_DHCP4_MAX_PACKET_SIZE) {
+      //
+      // Abort the DHCP if the ACK packet exceeds the maximum length.
+      //
+	  Status = EFI_ABORTED;
+      break;
+    }
+
     //
     // Cache Ack
     //

MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.h

@@ -18,7 +18,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 #define PXEBC_DHCP4_MAX_OPTION_NUM         16
 #define PXEBC_DHCP4_MAX_OPTION_SIZE        312
-#define PXEBC_DHCP4_MAX_PACKET_SIZE        1472
+#define PXEBC_DHCP4_MAX_PACKET_SIZE        (sizeof (EFI_PXE_BASE_CODE_PACKET))
 
 #define PXEBC_DHCP4_S_PORT                 67
 #define PXEBC_DHCP4_C_PORT                 68