svn commit: r349439 - head/sbin/dhclient
Mark Johnston
markj at FreeBSD.org
Wed Jun 26 20:19:49 UTC 2019
Author: markj
Date: Wed Jun 26 20:19:48 2019
New Revision: 349439
URL: https://svnweb.freebsd.org/changeset/base/349439
Log:
Free DHCP options with length zero.
Otherwise they are leaked, allowing an attacker to trigger memory
exhaustion.
This is options.c rev. 1.70 from OpenBSD.
admbugs: 552
Obtained from: OpenBSD
MFC after: 3 days
Modified:
head/sbin/dhclient/options.c
Modified: head/sbin/dhclient/options.c
==============================================================================
--- head/sbin/dhclient/options.c Wed Jun 26 20:11:52 2019 (r349438)
+++ head/sbin/dhclient/options.c Wed Jun 26 20:19:48 2019 (r349439)
@@ -896,6 +896,5 @@ do_packet(struct interface_info *interface, struct dhc
/* Free the data associated with the options. */
for (i = 0; i < 256; i++)
- if (tp.options[i].len && tp.options[i].data)
- free(tp.options[i].data);
+ free(tp.options[i].data);
}
More information about the svn-src-head
mailing list