Free DHCP options with length zero.

Otherwise they are leaked, allowing an attacker to trigger memory exhaustion. This is options.c rev. 1.70 from OpenBSD. admbugs: 552 Obtained from: OpenBSD MFC after: 3 days
2019-06-26 20:19:48 +00:00 · 2019-06-26 20:19:48 +00:00 · 5baf985da7
commit 5baf985da7
parent a3ae40c7a4
1 changed files with 1 additions and 2 deletions
--- a/sbin/dhclient/options.c
+++ b/sbin/dhclient/options.c
@ -896,6 +896,5 @@ do_packet(struct interface_info *interface, struct dhcp_packet *packet,

 	/* Free the data associated with the options. */
 	for (i = 0; i < 256; i++)
-		if (tp.options[i].len && tp.options[i].data)
-			free(tp.options[i].data);
+		free(tp.options[i].data);
 }