We should zero the entire message struct so any options don't overflow into unallocat...

diff --git a/dhcpcd.c b/dhcpcd.c
index 0dd9b289f2c7323b3202bfd57761998b8a1976fc..9c7244f06c36fd910f7429d8346088d1f580a37e 100644 (file)
--- a/dhcpcd.c
+++ b/dhcpcd.c
@@ -562,7 +562,6 @@ handle_dhcp_packet(void *arg)
        uint8_t *packet;
        struct dhcp_message *dhcp = NULL;
        const uint8_t *pp;
-       uint8_t *p;
        ssize_t bytes;
 
        /* We loop through until our buffer is empty.
@@ -583,7 +582,7 @@ handle_dhcp_packet(void *arg)
                        continue;
                }
                if (!dhcp)
-                       dhcp = xmalloc(sizeof(*dhcp));
+                       dhcp = xzalloc(sizeof(*dhcp));
                memcpy(dhcp, pp, bytes);
                if (dhcp->cookie != htonl(MAGIC_COOKIE)) {
                        syslog(LOG_DEBUG, "%s: bogus cookie, ignoring",
@@ -607,13 +606,6 @@ handle_dhcp_packet(void *arg)
                               hwaddr_ntoa(dhcp->chaddr, sizeof(dhcp->chaddr)));
                        continue;
                }
-               /* We should ensure that the packet is terminated correctly
-                * if we have space for the terminator */
-               if ((size_t)bytes != sizeof(*dhcp)) {
-                       p = (uint8_t *)dhcp + (bytes - 1);
-                       if (*p != DHO_END)
-                               *++p = DHO_END;
-               }
                handle_dhcp(iface, &dhcp);
                if (iface->raw_fd == -1)
                        break;