bootpd: validate hardware type

Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.

admbugs:	850
Reported by:	Reno Robert
Reviewed by:	markj
Approved by:	so
Security:	FreeBSD-SA-18:15.bootpd
Sponsored by:	The FreeBSD Foundation
Ed Maste 2018-12-19 18:16:29 +00:00
parent 53941c0a73
commit 1e13299fd8

@ -636,6 +636,10 @@ handle_request()
char *homedir, *bootfile;
int n;
if (bp->bp_htype >= hwinfocnt) {
report(LOG_NOTICE, "bad hw addr type %u", bp->bp_htype);
return;
}
bp->bp_file[sizeof(bp->bp_file)-1] = '\0';
/* XXX - SLIP init: Set bp_ciaddr = recv_addr here? */
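
Review bot: The new `report(LOG_NOTICE, "bad hw addr type %u", bp->bp_htype);` call in handle_request() records the rejected value but not where the packet came from, so an operator who sees this notice cannot tell which host is sending malformed requests. Consider including the sender's address in the message (the comment just below refers to `recv_addr`). The bound `bp->bp_htype >= hwinfocnt` sits ahead of every other use of the packet in the visible lines, which is the right place for it; a one-line comment stating what the bound protects would help, since the name hwinfocnt only hints at a table indexed by hardware type. Minor: `%u` is given the integer-promoted value of bp_htype, so an explicit `(unsigned)` cast on the argument would keep the format and argument types matched.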