Blame SOURCES/dhcp-4.3.6-reference_count_overflow.patch

26a25c
diff --git a/common/options.c b/common/options.c
26a25c
index 83e0384..a58c5fc 100644
26a25c
--- a/common/options.c
26a25c
+++ b/common/options.c
26a25c
@@ -189,6 +189,8 @@ int parse_option_buffer (options, buffer, length, universe)
26a25c
 
26a25c
 		/* If the length is outrageous, the options are bad. */
26a25c
 		if (offset + len > length) {
26a25c
+			/* Avoid reference count overflow */
26a25c
+			option_dereference(&option, MDL);
26a25c
 			reason = "option length exceeds option buffer length";
26a25c
 		      bogus:
26a25c
 			log_error("parse_option_buffer: malformed option "