dhcp/dhcp-4.2.1-P1-CVE-2011-4539.diff

diff -Naurp dhcp-4.2.1-P1/common/dhcp-eval.5 dhcp-4.2.1-P1.oden/common/dhcp-eval.5
--- dhcp-4.2.1-P1/common/dhcp-eval.5	2010-07-06 19:03:11.000000000 +0000
+++ dhcp-4.2.1-P1.oden/common/dhcp-eval.5	2011-12-08 11:31:44.000000000 +0000
@@ -133,8 +133,8 @@ extended regex(7) matching of the values
 true if \fIdata-expression-1\fR matches against the regular expression
 evaluated by \fIdata-expression-2\fR, or false if it does not match or
 encounters some error.  If either the left-hand side or the right-hand side 
-are null, the result is also false.  The \fB~~\fR operator differs from the
-\fB~=\fR operator in that it is case-insensitive.
+are null or empty strings, the result is also false.  The \fB~~\fR operator
+differs from the \fB~=\fR operator in that it is case-insensitive.
 .RE
 .PP
 .I boolean-expression-1 \fBand\fR \fIboolean-expression-2\fR
diff -Naurp dhcp-4.2.1-P1/common/tree.c dhcp-4.2.1-P1.oden/common/tree.c
--- dhcp-4.2.1-P1/common/tree.c	2009-11-20 01:49:01.000000000 +0000
+++ dhcp-4.2.1-P1.oden/common/tree.c	2011-12-08 11:31:38.000000000 +0000
@@ -1120,6 +1120,7 @@ int evaluate_boolean_expression (result,
 		*result = 0;
 		memset(&re, 0, sizeof(re));
 		if (bleft && bright &&
+		    (left.data != NULL) && (right.data != NULL) &&
         	    (regcomp(&re, (char *)right.data, regflags) == 0) &&
 		    (regexec(&re, (char *)left.data, (size_t)0, NULL, 0) == 0))
 				*result = 1;