From: Thomas Markwalder Date: Tue, 20 Sep 2016 15:48:21 +0000 (-0400) Subject: [master] Fixed sporadic server crash when lease-id-format is hex X-Git-Tag: v4_4_0b1_f1~136 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5534984b29aa1e9c789ab337c4598981448f7dfd;p=thirdparty%2Fdhcp.git [master] Fixed sporadic server crash when lease-id-format is hex Merges in rt43185. --- diff --git a/RELNOTES b/RELNOTES index 3b1ed215b..0b17a3199 100644 --- a/RELNOTES +++ b/RELNOTES @@ -66,6 +66,11 @@ by Eric Young (eay@cryptsoft.com). for code clarity. [ISC-Bugs #42834] +- Corrected a bug which could cause the server to sporadically crash while + loading lease files with the lease-id-format is set to "hex". Our thanks + to Jay Ford, University of Iowa for reporting the issue. + [ISC-Bugs #43185] + Changes since 4.3.0 (bug fixes) - Tidy up several small tickets. diff --git a/common/parse.c b/common/parse.c index 22e7d5821..b8ccf9df7 100644 --- a/common/parse.c +++ b/common/parse.c @@ -98,7 +98,7 @@ void skip_to_rbrace (cfile, brace_count) enum dhcp_token token; const char *val; -#if defined (DEBUG_TOKEN) +#if defined (DEBUG_TOKENS) log_error("skip_to_rbrace: %d\n", brace_count); #endif do { diff --git a/common/print.c b/common/print.c index a694fedd9..ce368c4df 100644 --- a/common/print.c +++ b/common/print.c @@ -383,15 +383,27 @@ void print_hex_only (len, data, limit, buf) unsigned limit; char *buf; { - unsigned i; + char *bufptr = buf; + int byte = 0; - if ((buf == NULL) || (limit < 3)) + if (data == NULL || bufptr == NULL || limit == 0) { return; + } - for (i = 0; (i < limit / 3) && (i < len); i++) { - sprintf(&buf[i*3], "%02x:", data[i]); + if (((len == 0) || ((len * 3) > limit))) { + *bufptr = 0x0; + return; } - buf[(i * 3) - 1] = 0; + + for ( ; byte < len; ++byte) { + if (byte > 0) { + *bufptr++ = ':'; + } + + sprintf(bufptr, "%02x", data[byte]); + bufptr += 2; + } + return; } 
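Review bot: The new bounds check `((len * 3) > limit)` in print_hex_only can wrap for a very large len, in which case the check passes and the loop writes past the end of buf. This assumes len is unsigned like limit; its declaration sits above the hunk, where the function begins. Comparing by division gives the same result without the multiplication: `if ((len == 0) || (len > limit / 3)) {`. The counter is declared `int byte` but compared against len, so `unsigned byte = 0;` would keep the loop condition in one signedness. A one-line comment above the check saying the output needs exactly 3 * len bytes (two hex digits per byte, len - 1 colons, one NUL) would make the limit contract clear to callers.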
diff --git a/common/tests/misc_unittest.c b/common/tests/misc_unittest.c
index 6cefa6e77..0f9b80cf7 100644
--- a/common/tests/misc_unittest.c
+++ b/common/tests/misc_unittest.c
@@ -153,6 +153,69 @@ ATF_TC_BODY(find_percent_adv, tc) return; } +ATF_TC(print_hex_only); + +ATF_TC_HEAD(print_hex_only, tc) +{ + atf_tc_set_md_var(tc, "descr", "Verify hex data formatting."); +} + +/* This test exercises the print_hex_only function + */ +ATF_TC_BODY(print_hex_only, tc) +{ + unsigned char data[] = {0xaa,0xbb,0xcc,0xdd}; + char* ref = "aa:bb:cc:dd"; + char buf[14]; + memset(buf, 'x', sizeof(buf)); + int data_len = sizeof(data); + int expected_len = 12; + + /* Proper input values should produce proper result */ + print_hex_only (data_len, data, expected_len, buf); + if (strlen(buf) != strlen(ref)) { + atf_tc_fail("len of result is wrong"); + } + + if (strcmp(buf, ref)) { + atf_tc_fail("result doesn't match ref"); + } + + /* Make sure we didn't overrun the buffer */ + if (buf[expected_len] != 'x') { + atf_tc_fail("data over run detected"); + } + + /* Buffer == null doesn't crash */ + print_hex_only (data_len, data, expected_len, NULL); + + /* Limit == 0 doesn't write (or crash) */ + *buf = '-'; + print_hex_only (data_len, data, 0, buf); + if (*buf != '-') { + atf_tc_fail("limit of zero, altered buffer"); + } + + /* data == NULL doesn't write (or crash) */ + print_hex_only (data_len, NULL, expected_len, buf); + if (*buf != '-') { + atf_tc_fail("limit of zero, altered buffer"); + } + + /* Limit too small should produce zero length string */ + *buf = '-'; + print_hex_only (data_len, data, expected_len - 1, buf); + if (*buf != 0x0) { + atf_tc_fail("limit too small should have failed"); + } + + /* Data length of 0 should produce zero length string */ + *buf = '-'; + print_hex_only (0, data, expected_len, buf); + if (*buf != 0x0) { + atf_tc_fail("limit too small should have failed"); + } +} /* This macro defines main() method that will call specified test cases. tp and simple_test_case names can be whatever you want 
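Review bot: Two of the failure messages in the new print_hex_only test body are copied from the neighbouring case, so a failure would point at the wrong condition. The `data == NULL` check reports "limit of zero, altered buffer" and the zero-length check reports "limit too small should have failed". Suggested replacements are `atf_tc_fail("data of NULL, altered buffer");` and `atf_tc_fail("data length of zero should produce empty string");`. The overrun canary at `buf[expected_len]` covers only the exact-fit call; re-filling buf with 'x' and re-checking it after the limit-too-small and zero-length calls would also show that those rejection paths write nothing beyond the terminator.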
@@ -161,6 +224,7 @@ ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, find_percent_basic); ATF_TP_ADD_TC(tp, find_percent_adv); + ATF_TP_ADD_TC(tp, print_hex_only); return (atf_no_error()); }