[cherry-pick][201911] Fix dhcp option buffer issue (#12520)

Why I did it
#12033

How I did it
How to verify it

src/isc-dhcp/patch/0014-Fix-dhcrelay-agent-option-buffer-pointer-logic.patch

@@ -0,0 +1,53 @@
+From 0a2f9a62bceb90b0d30461add2e25c4ce7a24547 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <[email protected]>
+Date: Fri, 20 Dec 2019 10:11:54 -0500
+Subject: [PATCH] [#71] Fix dhcrelay agent option buffer pointer logic
+
+relay/dhcrelay.c
+    strip_relay_agent_options()
+    strip_relay_agent_options()
+    - corrected buffer pointer logic
+
+---
+ relay/dhcrelay.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
+index 896e1e2e..980dacae 100644
+--- a/relay/dhcrelay.c
++++ b/relay/dhcrelay.c
+@@ -1065,8 +1065,13 @@ strip_relay_agent_options(struct interface_info *in,
+ 				return (0);
+
+ 			if (sp != op) {
+-				memmove(sp, op, op[1] + 2);
+-				sp += op[1] + 2;
++				size_t mlen = op[1] + 2;
++				memmove(sp, op, mlen);
++				sp += mlen;
++				if (sp > max) {
++					return (0);
++				}
++
+ 				op = nextop;
+ 			} else
+ 				op = sp = nextop;
+@@ -1168,8 +1168,13 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
+ 			end_pad = NULL;
+
+ 			if (sp != op) {
+-				memmove(sp, op, op[1] + 2);
+-				sp += op[1] + 2;
++				size_t mlen = op[1] + 2;
++				memmove(sp, op, mlen);
++				sp += mlen;
++				if (sp > max) {
++					return (0);
++				}
++
+ 				op = nextop;
+ 			} else
+ 				op = sp = nextop;
+-- 
+2.17.1
+

src/isc-dhcp/patch/series

@@ -12,3 +12,4 @@
 0011-interface-name-maxlen-crash.patch
 0012-Don-t-skip-down-interfaces-when-discovering-interfac.patch
 0013-add-option-si-to-support-using-src-intf-ip-in-relay.patch
+0014-Fix-dhcrelay-agent-option-buffer-pointer-logic.patch