diff options
author | Thomas Markwalder <tmark@isc.org> | 2022-08-04 16:22:35 -0400 |
---|---|---|
committer | Tomek Mrugalski <tomek@isc.org> | 2022-11-01 15:42:56 +0000 |
commit | 9e138021c88671f6902d5972fef922ce308a2d7c (patch) | |
tree | 820524af93c4380ac0357b455c2efcbd10389398 /common | |
parent | 6e491dab4454907795964604b4f3419b8b5e028b (diff) | |
download | isc-dhcp-9e138021c88671f6902d5972fef922ce308a2d7c.tar.gz |
[#254] Fixed memory leak in FQDN unpacking
RELNOTES
Added a release note
common/options.c
fqdn_universe_decode() - replace returns with
gotos to ensure memory is freed on label length
errors
Diffstat (limited to 'common')
-rw-r--r-- | common/options.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/common/options.c b/common/options.c index f0959cb2..25450e1d 100644 --- a/common/options.c +++ b/common/options.c @@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options, while (s < &bp -> data[0] + length + 2) { len = *s; if (len > 63) { - log_info ("fancy bits in fqdn option"); - return 0; + log_info ("label length exceeds 63 in fqdn option"); + goto bad; } if (len == 0) { terminated = 1; break; } if (s + len > &bp -> data [0] + length + 3) { - log_info ("fqdn tag longer than buffer"); - return 0; + log_info ("fqdn label longer than buffer"); + goto bad; } if (first_len == 0) { |