diff -up dhcp-4.3.2/includes/site.h.CVE-2016-2774 dhcp-4.3.2/includes/site.h

--- dhcp-4.3.2/includes/site.h.CVE-2016-2774	2016-05-02 15:46:39.603504261 +0200

+++ dhcp-4.3.2/includes/site.h	2016-05-02 15:47:02.296484178 +0200

@@ -289,6 +289,12 @@

    this option will be removed at some time. */

 /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */

+/* Limit the value of a file descriptor the serve will use

+   when accepting a connecting request.  This can be used to

+   limit the number of TCP connections that the server will

+   allow at one time.  A value of 0 means there is no limit.*/

+#define MAX_FD_VALUE 200

+

 /* Include definitions for various options.  In general these

    should be left as is, but if you have already defined one

    of these and prefer your definition you can comment the 

diff -up dhcp-4.3.2/omapip/listener.c.CVE-2016-2774 dhcp-4.3.2/omapip/listener.c

--- dhcp-4.3.2/omapip/listener.c.CVE-2016-2774	2015-02-26 20:35:43.000000000 +0100

+++ dhcp-4.3.2/omapip/listener.c	2016-05-02 15:46:39.603504261 +0200

@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_

 			return ISC_R_NORESOURCES;

 		return ISC_R_UNEXPECTED;

 	}

-	

+

+	if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {

+		close(socket);

+		return (ISC_R_NORESOURCES);

+	}

+

 #if defined (TRACING)

 	/* If we're recording a trace, remember the connection. */

 	if (trace_record ()) {