Shawn Routhier [Mon, 13 Aug 2012 23:22:32 +0000 (16:22 -0700)]
[rt29771]
[rt29770]
[rt29846]
Tidy up man pages, mostly convert a period followed by 1
or 3 spaces to a period followed by 2 spaces. This also
covers tickets 29770 and 29846
Shawn Routhier [Wed, 27 Jun 2012 21:33:25 +0000 (21:33 +0000)]
When attempting to convert a DUID from a client id option
into a hardware address handle unexpected client ids properly.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29852]
CVE: CVE-2012-3570
Shawn Routhier [Wed, 27 Jun 2012 21:20:19 +0000 (21:20 +0000)]
Previously the server code was relaxed to allow packets with zero
length client ids to be processed. Under some situations use of
zero length client ids can cause the server to go into an infinite
loop. As such ids are not valid according to RFC 2132 section 9.14
the server no longer accepts them. Client ids with a length of 1
are also invalid but the server still accepts them in order to
minimize disruption. The restriction will likely be tightened in
the future to disallow ids with a length of 1.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29851]
CVE: CVE-2012-3571
Shawn Routhier [Fri, 8 Jun 2012 23:28:11 +0000 (23:28 +0000)]
A problem with missing get_hw_addr function when --enable-use-sockets
was used is now solved on GNU/Linux, BSD and GNU/Hurd systems. Note
that use-sockets feature was not tested on those systems. Client and
server code no longer use MAX_PATH constant that is not defined on
GNU/Hurd systems. [ISC-Bugs 25979]
Shawn Routhier [Wed, 6 Jun 2012 23:55:01 +0000 (23:55 +0000)]
The 'no available billing' log line now also logs the name of the last
matching billing class tried before failing to provide a billing.
ISC-Bugs #21759]
Shawn Routhier [Wed, 6 Jun 2012 22:50:31 +0000 (22:50 +0000)]
Fix some issues in the code for parsing and printing options.
[ISC-Bugs #22625] - properly print options that have several fields
followed by an array of something for example "fIa"
[ISC-Bugs #27289] - properly parse options in declarations that have
several fields followed by an array of something for example "fIa"
[ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
value in evaluate_numeric_expression (extract-int).
[ISC-Bugs #27314] - properly parse a zero length option from
a lease file. Thanks to Marius Tomaschewski from SUSE for the report
and prototype patch for this ticket as well as ticket 27289.
Fix up some issues found by static analysis
A potential memory leak and NULL dereference in omapi.
The use of a boolean test instead of a bitwise test in dst.
[ISC-Bugs #28941]
Fix the NA and PD allocation code to handle the case where a client
provides a preference and the server doesn't have any addresses or
prefixes available. Previoulsy the server ignored the request with
this patch it replies with a NoAddrsAvail or NoPrefixAvai respone.
By default the code performs according to the errata of August 2010
for RFC 3315 section 17.2.2, to enable the previous style see the
seciton on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
may be removed in the future.
Thanks to Jiri Popelka at Red Hat for the patch.
[ISC-Bugs #22676]
Remove unnecessary checks in the lease query code and clean up
several compiler issues (some dereferences of NULL and treating
an int as a boolean).
[ISC-Bugs #26203]
Multiple items to clean up IPv6 address processing.
When processing an IA that we've seen check to see if the
addresses are usable (not in use by somebody else) before
handing it out.
When reading in leases from the file discard expired addresses.
When picking an address for a client include the IA ID in
addition to the client ID to generally pick different addresses
for different IAs.
[ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
[ISC-Bugs #27684]
Update bind.sh to use git when getting the bind tarball
Update Makefile.bind to minimize the work when we've already
configured or compiled the bind tree.
Shawn Routhier [Tue, 20 Mar 2012 00:31:34 +0000 (00:31 +0000)]
Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
and dhcpv6_packet in several more places. Thanks to a report from
Bruno Verstuyft and Vincent Demaertelaere of Excentis.
[ISC-Bugs #27941]
Shawn Routhier [Mon, 19 Mar 2012 22:29:06 +0000 (22:29 +0000)]
Modify the code that determines if an outstanding DDNS request
should be cancelled. This patch results in cancelling the
outstanding request less often. It fixes the problem caused
by a client doing a release where the txt and ptr records
weren't removed from the DNS.
[ISC-BUGS #27858]
Shawn Routhier [Thu, 16 Feb 2012 22:07:04 +0000 (22:07 +0000)]
Add a compile time check for the presence of the noreturn attribute
and use it for log_fatal if it's available. This will help code
checking programs to eliminate false positives.
[ISC-Bugs 27539]
Shawn Routhier [Thu, 16 Feb 2012 21:05:28 +0000 (21:05 +0000)]
Add support for Infiniband over sockets to the server and
relay code. We've tested this on Solaris and hope to expand
support for Infiniband in the future. This patch also corrects
some issues we found in the socket code. [ISC-Bugs #24245]
Shawn Routhier [Fri, 3 Feb 2012 22:47:43 +0000 (22:47 +0000)]
In the DDNS code handle error conditions more gracefully and add more
logging code. The major change is to handle unexpected cancel events
from the DNS client code.
[ISC-Bugs 26287].
Shawn Routhier [Thu, 5 Jan 2012 00:03:18 +0000 (00:03 +0000)]
Fixed the code that checks if an address the server is planning
to hand out is in a reserved range. This would appear as
the server being out of addresses in pools with particular ranges.
[ISC-Bugs #26498]
Shawn Routhier [Fri, 30 Dec 2011 23:08:41 +0000 (23:08 +0000)]
Modify the DDNS handling code. In a previous patch we added logging
code to the DDNS handling. This code included a bug that caused it
to attempt to dereference a NULL pointer and eventually segfault.
While reviewing the code as we addressed this problem, we determined
that some of the updates to the lease structures would not work as
planned since the structures being updated were in the process of
being freed: these updates were removed. In addition we removed an
incorrect call to the DDNS removal function that could cause a failure
during the removal of DDNS information from the DNS server.
Thanks to Jasper Jongmans for reporting this issue.
[ISC-Bugs #27078]
CVE: CVE-2011-4868
Shawn Routhier [Tue, 22 Nov 2011 23:56:50 +0000 (23:56 +0000)]
Add a check for a null pointer before calling the regexec function.
Without out this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
[ISC-Bugs #26704].
Shawn Routhier [Mon, 22 Aug 2011 20:39:19 +0000 (20:39 +0000)]
Fix the code that checks for an existing DDNS transaction to cancel
when removing DDNS information, so that we will continue with the
processing if we have a lease even if it doesn't have an outstanding
transaction. [ISC-Bugs #24682]
Two packets were found that cause a server to halt. The code
has been updated to properly process or reject the packets as
appropriate. Thanks to David Zych at University of Illinois
for reporting this issue. [ISC-Bugs #24960]
One CVE number for each class of packet.
CVE-2011-2748
CVE-2011-2749
DNS Update fix. A misconfigured server could crash during DNS update
processing if the configuration included overlapping pools or
multiple fixed-address entries for a single address. This issue
affected both IPv4 and IPv6. The fix allows a server to detect such
conditions, provides the user with extra information and recommended
steps to fix the problem. If the user enables the appropriate option
in site.h then server will be terminated
Correct an unsigned math operation when calculating the options
buffer space for bootp and use a better constant - DHCP packet
size instead of DHCP packet size + udp and iP headers.
Check that we have a packet->options structure before using it.
Only process packets that are longer than a bootp fixed packet
including server and file names. Previously we allowed for
shorter packets but that wasn't working and nobody noticed.
- Strict checks for content of domain-name DHCPv4 option can now be
configured during compilation time. Even though RFC2132 does not allow
to store more than one domain in domain-name option, such behavior is
now enabled by default, but this may change some time in the future.
See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
[ISC-Bugs #24167]
Shawn Routhier [Wed, 1 Jun 2011 23:25:37 +0000 (23:25 +0000)]
Enlarge the buffer size used by the Omshell code and some of the
print routines to allow for greater than 60 characters or, when
printing as hex strings, 20 characters. [ISC-Bugs #22743]
Shawn Routhier [Tue, 24 May 2011 00:36:58 +0000 (00:36 +0000)]
Convert ISC_R_INPROGRESS status to ISC_R_SUCCESS when called from other
than the dispatch handler. This fixes an issue where omshell, when
run from the same platform as the server, would appear to fail to
connect. This is a companion to #21839. [ISC-Bugs #23592]