[master] Added check for invalid failover message type.

    Merges in rt36653

diff --git a/RELNOTES b/RELNOTES
index 4d14b3135ec8718a3809ad03e04b93634be42149..467ddd38e0afdd2a61522d9edce2b41ed23b9af8 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -62,6 +62,9 @@ by Eric Young (eay@cryptsoft.com).
   and hmac-sha512
   [ISC-Bugs #36947]
 
+- Added check for invalid failover message type.
+  [ISC-Bugs #36653]
+
 - Corrected rate limiting checks for bad packet logging.
   [ISC-Bugs #36897]
 

diff --git a/includes/failover.h b/includes/failover.h
index 090daee540556dafa851ade54915352cda4f81de..b49c2418cca26a7b3cc299a8c3e97935804f741c 100644 (file)
--- a/includes/failover.h
+++ b/includes/failover.h
@@ -161,6 +161,8 @@ typedef struct {
 #define FTM_CONTACT            11
 #define FTM_DISCONNECT         12
 
+#define FTM_MAX                        FTM_DISCONNECT
+
 /* Reject reasons from Section 12.21: */
 #define FTR_ILLEGAL_IP_ADDR    1
 #define FTR_FATAL_CONFLICT     2

diff --git a/server/failover.c b/server/failover.c
index 19c3e087285217f8bb8f3e74bb1780bfd034aca7..eb2612b7da8f98d4c17918294091495ed4245a51 100644 (file)
--- a/server/failover.c
+++ b/server/failover.c
@@ -626,6 +626,12 @@ static isc_result_t do_a_failover_option (c, link)
                return DHCP_R_PROTOCOLERROR;
        }
 
+       if (link->imsg->type > FTM_MAX) {
+               log_error ("FAILOVER: invalid message type: %d",
+                          link->imsg->type);
+               return DHCP_R_PROTOCOLERROR;
+       }
+
        /* Get option code. */
        omapi_connection_get_uint16 (c, &option_code);
        link -> imsg_count += 2;