This seems to be the result of the programmer misunderstanding strsep()
(unless I'm misunderstanding something). The return value is the
supplied string pointer. Because strsep() is called in a while loop,
each iteration's hn is the last iteration's inputstring. We therefore
have to keep a reference to the allocated string so that we can free it.
Index: dhclient.c
===================================================================
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.362
diff -u -p -r1.362 dhclient.c
--- dhclient.c 31 Aug 2015 21:32:07 -0000 1.362
+++ dhclient.c 7 Sep 2015 04:07:51 -0000
@@ -1923,13 +1923,13 @@ res_hnok(const char *name)
int
res_hnok_list(const char *names)
{
- char *hn, *inputstring;
+ char *orig_str, *hn, *inputstring;
int count;
if (strlen(names) >= 1024)
return (0);
- inputstring = strdup(names);
+ orig_str = inputstring = strdup(names);
if (inputstring == NULL)
error("Cannot copy domain name list");
@@ -1944,7 +1944,7 @@ res_hnok_list(const char *names)
break;
}
- free(inputstring);
+ free(orig_str);
return (count > 0 && count < 7 && hn == NULL);
}
