From: Shawn Routhier <sar@isc.org>
Date: Wed, 8 Sep 2010 22:13:05 +0000 (+0000)
Subject: Minor code fixes
X-Git-Tag: v4_3_0a1~263
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=66be0ad13f2783606472d373a8d3ccd33eac9458;p=thirdparty%2Fdhcp.git

Minor code fixes
 [ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
 the name to be at the apex of the zone.
 [ISC-Bugs #19617] Restrict length of interface name read from command line
 in dhcpd - based on a patch from David Cantrell at Red Hat.
 [ISC-Bugs #20039] Correct some error messages in dhcpd.c
 [ISC-Bugs #20070] Better range check on values when creating a DHCID.
 [ISC-Bugs #20198] Avoid writing past the end of the field when adding
 overly long file or server names to a packet and add a log message
 if the configuration supplied overly long names for these fields.
 [ISC-Bugs #21497] Add a little more randomness to rng seed in client
---

diff --git a/RELNOTES b/RELNOTES
index 62b296d0f..bc6b00963 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -71,6 +71,20 @@ work on other platforms. Please report any problems and suggested fixes to
   causing the server to apply configuration intended for one host to any
   other innocent clients that come along later.  [ISC-Bugs #22018]
 
+- Minor code fixes
+  [ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
+  the name to be at the apex of the zone.
+  [ISC-Bugs #19617] Restrict length of interface name read from command line
+  in dhcpd - based on a patch from David Cantrell at Red Hat.
+  [ISC-Bugs #20039] Correct some error messages in dhcpd.c
+  [ISC-Bugs #20070] Better range check on values when creating a DHCID.
+  [ISC-Bugs #20198] Avoid writing past the end of the field when adding 
+  overly long file or server names to a packet and add a log message
+  if the configuration supplied overly long names for these fields.
+  Thanks to Martin Pala.
+  [ISC-Bugs #21497] Add a little more randomness to rng seed in client
+  thanks to a patch from Jeremiah Jinno.
+
 			Changes since 4.2.0b2
 
 - Add declaration for variable in debug code in alloc.c.  [ISC-Bugs #21472]
diff --git a/client/dhclient.c b/client/dhclient.c
index 640530a8e..69d6a05e6 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3,7 +3,7 @@
    DHCP Client. */
 
 /*
- * Copyright (c) 2004-2009 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2010 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1995-2003 by Internet Software Consortium
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -543,7 +543,7 @@ main(int argc, char **argv) {
 					    sizeof seed], sizeof seed);
 		seed += junk;
 	}
-	srandom(seed + cur_time);
+	srandom(seed + cur_time + (unsigned)getpid());
 
 	/* Start a configuration state machine for each interface. */
 #ifdef DHCPv6
diff --git a/common/dns.c b/common/dns.c
index b9d6d2ac6..8f1db46b7 100644
--- a/common/dns.c
+++ b/common/dns.c
@@ -658,13 +658,16 @@ find_cached_zone(dhcp_ddns_cb_t *ddns_cb, int direction)
 
 	/*
 	 * For each subzone, try to find a cached zone.
-	 * Skip the first zone as that shouldn't work.
 	 */
-	for (np = strchr(np, '.'); np != NULL; np = strchr(np, '.')) {
-		np++;
+	for (;;) {
 		status = dns_zone_lookup (&zone, np);
 		if (status == ISC_R_SUCCESS)
 			break;
+
+		np = strchr(np, '.');
+		if (np == NULL)
+			break;
+		np++;
 	}
 
 	if (status != ISC_R_SUCCESS)
@@ -805,7 +808,11 @@ int get_dhcid (struct data_string *id,
 	id->buffer->data[0] = ISC_MD5_DIGESTLENGTH * 2 + 2;
 
 	/* Put the type in the next two bytes. */
-	id->buffer->data[1] = "0123456789abcdef"[type >> 4];
+	id->buffer->data[1] = "0123456789abcdef"[(type >> 4) & 0xf];
+	/* This should have been [type & 0xf] but now that
+	 * it is in use we need to leave it this way in order
+	 * to avoid disturbing customer's lease files
+	 */
 	id->buffer->data[2] = "0123456789abcdef"[type % 15];
   
 	/* Mash together an MD5 hash of the identifier. */
diff --git a/server/dhcp.c b/server/dhcp.c
index 8fbd7337f..374671c13 100644
--- a/server/dhcp.c
+++ b/server/dhcp.c
@@ -1084,10 +1084,13 @@ void dhcpinform (packet, ms_nulltp)
 				   packet -> options, (struct option_state *)0,
 				   &global_scope, oc, MDL)) {
 		i = d1.len;
-		if (i > sizeof raw.file)
-			i = sizeof raw.file;
-		else
-			raw.file [i] = 0;
+		if (i >= sizeof(raw.file)) {
+			log_info("file name longer than packet field "
+				 "truncated - field: %d name: %d %.*s", 
+				 sizeof(raw.file), i, i, d1.data);
+			i = sizeof(raw.file);
+		} else
+			raw.file[i] = 0;
 		memcpy (raw.file, d1.data, i);
 		data_string_forget (&d1, MDL);
 	}
@@ -1100,10 +1103,13 @@ void dhcpinform (packet, ms_nulltp)
 				   packet -> options, (struct option_state *)0,
 				   &global_scope, oc, MDL)) {
 		i = d1.len;
-		if (i > sizeof raw.sname)
-			i = sizeof raw.sname;
-		else
-			raw.sname [i] = 0;
+		if (i >= sizeof(raw.sname)) {
+			log_info("server name longer than packet field "
+				 "truncated - field: %d name: %d %.*s", 
+				 sizeof(raw.sname), i, i, d1.data);
+			i = sizeof(raw.sname);
+		} else
+			raw.sname[i] = 0;
 		memcpy (raw.sname, d1.data, i);
 		data_string_forget (&d1, MDL);
 	}
@@ -3010,6 +3016,11 @@ void dhcp_reply (lease)
 		if (sizeof raw.file > state -> filename.len)
 			memset (&raw.file [state -> filename.len], 0,
 				(sizeof raw.file) - state -> filename.len);
+		else 
+			log_info("file name longer than packet field "
+				 "truncated - field: %d name: %d %.*s", 
+				 sizeof(raw.file), state->filename.len,
+				 state->filename.len, state->filename.data);
 	} else
 		bufs |= 1;
 
@@ -3023,6 +3034,12 @@ void dhcp_reply (lease)
 		if (sizeof raw.sname > state -> server_name.len)
 			memset (&raw.sname [state -> server_name.len], 0,
 				(sizeof raw.sname) - state -> server_name.len);
+		else 
+			log_info("server name longer than packet field "
+				 "truncated - field: %d name: %d %.*s", 
+				 sizeof(raw.sname), state->server_name.len,
+				 state->server_name.len,
+				 state->server_name.data);
 	} else
 		bufs |= 2; /* XXX */
 
diff --git a/server/dhcpd.c b/server/dhcpd.c
index 43d9efaab..1cac5397f 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -404,6 +404,10 @@ main(int argc, char **argv) {
 		} else {
 			struct interface_info *tmp =
 				(struct interface_info *)0;
+			if (strlen(argv[i]) >= sizeof(tmp->name))
+				log_fatal("%s: interface name too long "
+					  "(is %ld)",
+					  argv[i], (long)strlen(argv[i]));
 			result = interface_allocate (&tmp, MDL);
 			if (result != ISC_R_SUCCESS)
 				log_fatal ("Insufficient memory to %s %s: %s",
@@ -1014,7 +1018,7 @@ void postconf_initialization (int quiet)
 		if (db.len == 4) {
 			memcpy (&limited_broadcast, db.data, 4);
 		} else
-			log_fatal ("invalid remote port data length");
+			log_fatal ("invalid broadcast address data length");
 		data_string_forget (&db, MDL);
 	}
 
@@ -1028,7 +1032,7 @@ void postconf_initialization (int quiet)
 		if (db.len == 4) {
 			memcpy (&local_address, db.data, 4);
 		} else
-			log_fatal ("invalid remote port data length");
+			log_fatal ("invalid local address data length");
 		data_string_forget (&db, MDL);
 	}