[master] Fixed sporadic server crash when lease-id-format is hex

    Merges in rt43185.

diff --git a/RELNOTES b/RELNOTES
index 3b1ed215baf2987ce65a87e0770a14e7c1ecf82d..0b17a3199438ee7ab78688ac8e5ab582a4536aca 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -66,6 +66,11 @@ by Eric Young (eay@cryptsoft.com).
   for code clarity.
   [ISC-Bugs #42834]
 
+- Corrected a bug which could cause the server to sporadically crash while
+  loading lease files with the lease-id-format is set to "hex".  Our thanks
+  to Jay Ford, University of Iowa for reporting the issue.
+  [ISC-Bugs #43185]
+
                        Changes since 4.3.0 (bug fixes)
 
 - Tidy up several small tickets.

diff --git a/common/parse.c b/common/parse.c
index 22e7d58210f2ae280be2634948bda686ecffca68..b8ccf9df77bab8491fcddaa605e0b43e7b53ea39 100644 (file)
--- a/common/parse.c
+++ b/common/parse.c
@@ -98,7 +98,7 @@ void skip_to_rbrace (cfile, brace_count)
        enum dhcp_token token;
        const char *val;
 
-#if defined (DEBUG_TOKEN)
+#if defined (DEBUG_TOKENS)
        log_error("skip_to_rbrace: %d\n", brace_count);
 #endif
        do {

diff --git a/common/print.c b/common/print.c
index a694fedd9be35f42ae7b2aeb12e3b1ab377eb418..ce368c4dfab63cdaf5754c6d0642afeb233bad13 100644 (file)
--- a/common/print.c
+++ b/common/print.c
@@ -383,15 +383,27 @@ void print_hex_only (len, data, limit, buf)
        unsigned limit;
        char *buf;
 {
-       unsigned i;
+       char *bufptr = buf;
+       int byte = 0;
 
-       if ((buf == NULL) || (limit < 3))
+       if (data == NULL || bufptr == NULL || limit == 0) {
                return;
+       }
 
-       for (i = 0; (i < limit / 3) && (i < len); i++) {
-               sprintf(&buf[i*3], "%02x:", data[i]);
+       if (((len == 0) || ((len * 3) > limit))) {
+               *bufptr = 0x0;
+               return;
        }
-       buf[(i * 3) - 1] = 0;
+
+       for ( ; byte < len; ++byte) {
+               if (byte > 0) {
+                       *bufptr++ = ':';
+               }
+
+               sprintf(bufptr, "%02x", data[byte]);
+               bufptr += 2;
+       }
+
        return;
 }
 

diff --git a/common/tests/misc_unittest.c b/common/tests/misc_unittest.c
index 6cefa6e773a795f280c97fbd9d0a0313dc987b98..0f9b80cf75644485da75c2159a163a85ccdb402a 100644 (file)
--- a/common/tests/misc_unittest.c
+++ b/common/tests/misc_unittest.c
@@ -153,6 +153,69 @@ ATF_TC_BODY(find_percent_adv, tc)
     return;
 }
 
+ATF_TC(print_hex_only);
+
+ATF_TC_HEAD(print_hex_only, tc)
+{
+    atf_tc_set_md_var(tc, "descr", "Verify hex data formatting.");
+}
+
+/* This test exercises the print_hex_only function
+ */
+ATF_TC_BODY(print_hex_only, tc)
+{
+    unsigned char data[] =  {0xaa,0xbb,0xcc,0xdd};
+    char* ref = "aa:bb:cc:dd";
+    char buf[14];
+    memset(buf, 'x', sizeof(buf));
+    int data_len = sizeof(data);
+    int expected_len = 12;
+
+    /* Proper input values should produce proper result */
+    print_hex_only (data_len, data, expected_len, buf);
+    if (strlen(buf) != strlen(ref)) {
+           atf_tc_fail("len of result is wrong");
+    }
+
+    if (strcmp(buf, ref)) {
+           atf_tc_fail("result doesn't match ref");
+    }
+
+    /* Make sure we didn't overrun the buffer */
+    if (buf[expected_len] != 'x') {
+           atf_tc_fail("data over run detected");
+    }
+
+    /* Buffer == null doesn't crash */
+    print_hex_only (data_len, data, expected_len, NULL);
+
+    /* Limit == 0 doesn't write (or crash) */
+    *buf = '-';
+    print_hex_only (data_len, data, 0, buf);
+    if (*buf != '-') {
+           atf_tc_fail("limit of zero, altered buffer");
+    }
+
+    /* data == NULL doesn't write (or crash) */
+    print_hex_only (data_len, NULL, expected_len, buf);
+    if (*buf != '-') {
+           atf_tc_fail("limit of zero, altered buffer");
+    }
+
+    /* Limit too small should produce zero length string */
+    *buf = '-';
+    print_hex_only (data_len, data, expected_len - 1, buf);
+    if (*buf != 0x0) {
+           atf_tc_fail("limit too small should have failed");
+    }
+
+    /* Data length of 0 should produce zero length string */
+    *buf = '-';
+    print_hex_only (0, data, expected_len, buf);
+    if (*buf != 0x0) {
+           atf_tc_fail("limit too small should have failed");
+    }
+}
        
 /* This macro defines main() method that will call specified
    test cases. tp and simple_test_case names can be whatever you want
@@ -161,6 +224,7 @@ ATF_TP_ADD_TCS(tp)
 {
     ATF_TP_ADD_TC(tp, find_percent_basic);
     ATF_TP_ADD_TC(tp, find_percent_adv);
+    ATF_TP_ADD_TC(tp, print_hex_only);
 
     return (atf_no_error());
 }