From: Evan Hunt <each@isc.org>
Date: Fri, 27 Apr 2007 22:36:26 +0000 (+0000)
Subject: Fix a bug where dhcpd segfaults if a pool is declared outside a subnet
X-Git-Tag: v4_0_0a1~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=61252edfa998d1bd0a826f5861354c1427723a44;p=thirdparty%2Fdhcp.git

Fix a bug where dhcpd segfaults if a pool is declared outside a subnet
in dhcpd.conf [rt16448]
---

diff --git a/RELNOTES b/RELNOTES
index 22e3712db..65ca83489 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -27,6 +27,9 @@ the README file.
 
 			Changes since 3.1.0b1
 
+- A bug was fixed that caused dhcpd to segfault if a pool was declared
+  outside the scope of a subnet in dhcpd.conf.
+
 - Some uninitialized values were repaired in dhcpleasequery.c that
   caused the server to abort.
 
diff --git a/server/confpars.c b/server/confpars.c
index 9951496ad..959b70ac5 100644
--- a/server/confpars.c
+++ b/server/confpars.c
@@ -34,7 +34,7 @@
 
 #ifndef lint
 static char copyright[] =
-"$Id: confpars.c,v 1.160 2007/01/29 10:25:55 shane Exp $ Copyright (c) 2004-2006 Internet Systems Consortium.  All rights reserved.\n";
+"$Id: confpars.c,v 1.161 2007/04/27 22:36:26 each Exp $ Copyright (c) 2004-2006 Internet Systems Consortium.  All rights reserved.\n";
 #endif /* not lint */
 
 #include "dhcpd.h"
@@ -550,11 +550,13 @@ int parse_statement (cfile, group, type, host_decl, declaration)
 		next_token (&val, (unsigned *)0, cfile);
 		if (type != SUBNET_DECL && type != SHARED_NET_DECL) {
 			parse_warn (cfile, "pool declared outside of network");
-		}
-		if (type == POOL_DECL) {
+			skip_to_semi(cfile);
+		} else if (type == POOL_DECL) {
 			parse_warn (cfile, "pool declared within pool.");
-		}
-		parse_pool_statement (cfile, group, type);
+			skip_to_semi(cfile);
+		} else
+			parse_pool_statement (cfile, group, type);
+
 		return declaration;
 
 	      case RANGE:
@@ -1318,7 +1320,8 @@ void parse_pool_statement (cfile, group, type)
 		shared_network_reference (&pool -> shared_network,
 					  group -> shared_network, MDL);
 
-	if (!clone_group (&pool -> group, pool -> shared_network -> group, MDL))
+	if (group->shared_network == NULL ||
+            !clone_group (&pool -> group, pool -> shared_network -> group, MDL))
 		log_fatal ("can't clone pool group.");
 
 #if defined (FAILOVER_PROTOCOL)