rpms / dhcp

Clone
Source Code
GIT

Blame SOURCES/dhcp-4.2.5-reference_count_overflow.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   dhcp-4.2.5-reference_count_overflow.patch
Blob History Raw
2a7b11 
diff --git a/common/options.c b/common/options.c
2a7b11 
index 83e0384..a58c5fc 100644
2a7b11 
--- a/common/options.c
2a7b11 
+++ b/common/options.c
2a7b11 
@@ -189,6 +189,8 @@ int parse_option_buffer (options, buffer, length, universe)
2a7b11
2a7b11 
 		/* If the length is outrageous, the options are bad. */
2a7b11 
 		if (offset + len > length) {
2a7b11 
+			/* Avoid reference count overflow */
2a7b11 
+			option_dereference(&option, MDL);
2a7b11 
 			reason = "option length exceeds option buffer length";
2a7b11 
 		      bogus:
2a7b11 
 			log_error("parse_option_buffer: malformed option "

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation