[rt30024] This is a commit message

Fix a pair of memory leaks.

diff --git a/RELNOTES b/RELNOTES
index 53cddaffe15fa22b11287ac67cd6207c52a84580..b5c9134f86b6ccd3b43955aaf34456b9af30ad71 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -97,6 +97,12 @@ work on other platforms. Please report any problems and suggested fixes to
   [ISC-Bugs #29852]
   CVE: CVE-2012-3570
 
+! A pair of memory leaks were found and fixed.  Thanks to
+  Glen Eustace of Massey University, New Zealand for finding
+  this issue.
+  [ISC-Bugs #30024]
+  CVE: TBD
+
                        Changes since 4.2.3
 
 ! Add a check for a null pointer before calling the regexec function.

diff --git a/common/options.c b/common/options.c
index 56d2e88ea42c957a78e10cb396e8c48cca28e0ea..f3a3db07d720e7dc820be4d79e5622bafd46b4c4 100644 (file)
--- a/common/options.c
+++ b/common/options.c
@@ -2403,6 +2403,8 @@ prepare_option_buffer(struct universe *universe, struct buffer *bp,
 
        /* And let go of our references. */
       cleanup:
+       if (lbp != NULL)
+               buffer_dereference(&lbp, MDL);
        option_dereference(&option, MDL);
 
        return status;

diff --git a/server/dhcpv6.c b/server/dhcpv6.c
index d763c954e447a95edd1a87408c0a72b955f53a9e..aa22e691604956941b47de18e01cab1988d36db0 100644 (file)
--- a/server/dhcpv6.c
+++ b/server/dhcpv6.c
@@ -1519,6 +1519,8 @@ lease_to_client(struct data_string *reply_ret,
                packet_dereference(&reply.packet, MDL);
        if (reply.client_id.data != NULL)
                data_string_forget(&reply.client_id, MDL);
+       if (packet_oro.buffer != NULL)
+               data_string_forget(&packet_oro, MDL);
        reply.renew = reply.rebind = reply.prefer = reply.valid = 0;
        reply.cursor = 0;
 }