From: Roy Marples <roy@marples.name>
Date: Fri, 30 Jan 2009 20:18:35 +0000 (+0000)
Subject: We should zero the entire message struct so any options don't overflow into unallocat... 
X-Git-Tag: v5.0.0~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de82635c0435bf5b36f3e45f72138f543cd2e908;p=thirdparty%2Fdhcpcd.git

We should zero the entire message struct so any options don't overflow into unallocated memory when evaluating them.
---

diff --git a/dhcpcd.c b/dhcpcd.c
index 0dd9b289..9c7244f0 100644
--- a/dhcpcd.c
+++ b/dhcpcd.c
@@ -562,7 +562,6 @@ handle_dhcp_packet(void *arg)
 	uint8_t *packet;
 	struct dhcp_message *dhcp = NULL;
 	const uint8_t *pp;
-	uint8_t *p;
 	ssize_t bytes;
 
 	/* We loop through until our buffer is empty.
@@ -583,7 +582,7 @@ handle_dhcp_packet(void *arg)
 			continue;
 		}
 		if (!dhcp)
-			dhcp = xmalloc(sizeof(*dhcp));
+			dhcp = xzalloc(sizeof(*dhcp));
 		memcpy(dhcp, pp, bytes);
 		if (dhcp->cookie != htonl(MAGIC_COOKIE)) {
 			syslog(LOG_DEBUG, "%s: bogus cookie, ignoring",
@@ -607,13 +606,6 @@ handle_dhcp_packet(void *arg)
 			       hwaddr_ntoa(dhcp->chaddr, sizeof(dhcp->chaddr)));
 			continue;
 		}
-		/* We should ensure that the packet is terminated correctly
-		 * if we have space for the terminator */
-		if ((size_t)bytes != sizeof(*dhcp)) {
-			p = (uint8_t *)dhcp + (bytes - 1);
-			if (*p != DHO_END)
-				*++p = DHO_END;
-		}
 		handle_dhcp(iface, &dhcp);
 		if (iface->raw_fd == -1)
 			break;