From: Roy Marples <roy@marples.name>
Date: Wed, 4 Sep 2019 10:23:16 +0000 (+0100)
Subject: DHCP: Don't leak the malloc of the truncated lease file
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec45ae0d01daa4d49135feffd05398e9b57a91a2;p=thirdparty%2Fdhcpcd.git

DHCP: Don't leak the malloc of the truncated lease file
---

diff --git a/src/dhcp-common.c b/src/dhcp-common.c
index 1f16f2cb..dab20a2e 100644
--- a/src/dhcp-common.c
+++ b/src/dhcp-common.c
@@ -961,6 +961,8 @@ dhcp_read_lease_fd(int fd, void **lease)
 	}
 
 	sz = (size_t)st.st_size;
+	if (sz == 0)
+		goto out;
 	if ((buf = malloc(sz)) == NULL)
 		goto out;
 	if ((len = read(fd, buf, sz)) == -1) {
diff --git a/src/dhcp.c b/src/dhcp.c
index f5c5c094..eafd6e7a 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -1176,10 +1176,8 @@ read_lease(struct interface *ifp, struct bootp **bootp)
 	bytes = dhcp_read_lease_fd(fd, (void **)&lease);
 	if (fd_opened)
 		close(fd);
-	if (bytes == 0) {
-		free(lease);
+	if (bytes == 0)
 		return 0;
-	}
 
 	/* Ensure the packet is at lease BOOTP sized
 	 * with a vendor area of 4 octets
diff --git a/src/dhcp6.c b/src/dhcp6.c
index 81a40c77..ebb86cc6 100644
--- a/src/dhcp6.c
+++ b/src/dhcp6.c
@@ -2488,7 +2488,6 @@ dhcp6_readlease(struct interface *ifp, int validate)
 	struct dhcp6_state *state;
 	struct stat st;
 	int fd;
-	struct dhcp6_message *lease;
 	time_t now;
 	int retval;
 	bool fd_opened;
@@ -2514,10 +2513,8 @@ dhcp6_readlease(struct interface *ifp, int validate)
 	if (fd == -1)
 		return -1;
 	retval = -1;
-	lease = NULL;
 	free(state->new);
-	state->new_len = dhcp_read_lease_fd(fd, (void **)&lease);
-	state->new = state->new_len != 0 ? lease : NULL;
+	state->new_len = dhcp_read_lease_fd(fd, (void **)&state->new);
 	if (fd_opened)
 		close(fd);