diff -up dhcp-4.1.0/client/dhclient.c.CVE-2009-0692 dhcp-4.1.0/client/dhclient.c
--- dhcp-4.1.0/client/dhclient.c.CVE-2009-0692 2008-06-11 10:17:10.000000000 -1000
+++ dhcp-4.1.0/client/dhclient.c 2009-08-05 11:32:24.000000000 -1000
@@ -3054,8 +3054,15 @@ void script_write_params (client, prefix
 if (data.len > 3) {
 struct iaddr netmask, subnet, broadcast;
- memcpy (netmask.iabuf, data.data, data.len);
- netmask.len = data.len;
+ /*
+ * No matter the length of the subnet-mask option,
+ * use only the first four octets. Note that
+ * subnet-mask options longer than 4 octets are not
+ * in conformance with RFC 2132, but servers with this
+ * flaw do exist.
+ */
+ memcpy(netmask.iabuf, data.data, 4);
+ netmask.len = 4;
 data_string_forget (&data, MDL);
 subnet = subnet_number (lease -> address, netmask);
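Review bot: An over-long subnet-mask option is now truncated silently, so the malformed input this patch defends against leaves no trace in the client's log. A line placed before the new `memcpy`, such as `if (data.len != 4) log_error ("subnet-mask option is %u octets, using the first 4", data.len);`, would let an operator spot a non-conforming or hostile server; this assumes `data.len` is an unsigned int, which the hunk does not show. The copy bound is also a bare `4` repeated on two lines and tied to the `data.len > 3` guard only by inference, so a short comment or a shared named constant linking the three would make the invariant harder to break later. Separately, the new call is written `memcpy(` while the surrounding lines use the `name (` spacing. script_write_params starts and ends outside this hunk.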