Don't leak the "access protected, zero sized object" returned by

calloc(N, 0). Avoid the whole controversy by skipping zero length
options while cloning a lease.

Leak reported by Remco van den Berg via bugs@. Additional testing
and diagnostic help from Benjamin Baier. Thanks!

1 files changed, 3 insertions, 1 deletions

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 2a2b5e875c5..4218aa40b23 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dhclient.c,v 1.349 2015/01/31 05:56:19 krw Exp $	*/
+/*	$OpenBSD: dhclient.c,v 1.350 2015/01/31 23:05:58 krw Exp $	*/
 
 /*
  * Copyright 2004 Henning Brauer <henning@openbsd.org>
@@ -2288,6 +2288,8 @@ clone_lease(struct client_lease *oldlease)
 	}
 
 	for (i = 0; i < 256; i++) {
+		if (oldlease->options[i].len == 0)
+			continue;
 		newlease->options[i].len = oldlease->options[i].len;
 		newlease->options[i].data = calloc(1, newlease->options[i].len);
 		if (newlease->options[i].data == NULL)