diff -up dhcp-4.3.2/includes/site.h.CVE-2016-2774 dhcp-4.3.2/includes/site.h
--- dhcp-4.3.2/includes/site.h.CVE-2016-2774 2016-05-02 15:46:39.603504261 +0200
+++ dhcp-4.3.2/includes/site.h 2016-05-02 15:47:02.296484178 +0200
@@ -289,6 +289,12 @@
this option will be removed at some time. */
/* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */
+/* Limit the value of a file descriptor the serve will use
+ when accepting a connecting request. This can be used to
+ limit the number of TCP connections that the server will
+ allow at one time. A value of 0 means there is no limit.*/
+#define MAX_FD_VALUE 200
+
/* Include definitions for various options. In general these
should be left as is, but if you have already defined one
of these and prefer your definition you can comment the
diff -up dhcp-4.3.2/omapip/listener.c.CVE-2016-2774 dhcp-4.3.2/omapip/listener.c
--- dhcp-4.3.2/omapip/listener.c.CVE-2016-2774 2015-02-26 20:35:43.000000000 +0100
+++ dhcp-4.3.2/omapip/listener.c 2016-05-02 15:46:39.603504261 +0200
@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_
return ISC_R_NORESOURCES;
return ISC_R_UNEXPECTED;
}
-
+
+ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
+ close(socket);
+ return (ISC_R_NORESOURCES);
+ }
+
#if defined (TRACING)
/* If we're recording a trace, remember the connection. */
if (trace_record ()) {