Blame SOURCES/dhcp-4.2.5-reference_count_overflow.patch

2a7b11
diff --git a/common/options.c b/common/options.c
2a7b11
index 83e0384..a58c5fc 100644
2a7b11
--- a/common/options.c
2a7b11
+++ b/common/options.c
2a7b11
@@ -189,6 +189,8 @@ int parse_option_buffer (options, buffer, length, universe)
2a7b11
 
2a7b11
 		/* If the length is outrageous, the options are bad. */
2a7b11
 		if (offset + len > length) {
2a7b11
+			/* Avoid reference count overflow */
2a7b11
+			option_dereference(&option, MDL);
2a7b11
 			reason = "option length exceeds option buffer length";
2a7b11
 		      bogus:
2a7b11
 			log_error("parse_option_buffer: malformed option "