From 43f447b121b38c01a7c5626a51cc571a822250b8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 26 Aug 2015 19:18:11 +0200
Subject: [PATCH] dhcp: be more careful when parsing strings from DHCP packets

Let's make sure there's no embedded 0 byte. Also, let's reset the string
if the length is zero.
---
 src/libsystemd-network/sd-dhcp-lease.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c
index f5b9e22589..57369a353d 100644
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -287,13 +287,17 @@ static int lease_parse_string(const uint8_t *option, size_t len, char **ret) {
         if (len >= 1) {
                 char *string;
 
+                if (memchr(option, 0, len))
+                        return -EINVAL;
+
                 string = strndup((const char *)option, len);
                 if (!string)
-                        return -errno;
+                        return -ENOMEM;
 
                 free(*ret);
                 *ret = string;
-        }
+        } else
+                *ret = mfree(*ret);
 
         return 0;
 }