From: Thomas Markwalder <tmark@isc.org>
Date: Mon, 8 Sep 2014 20:05:23 +0000 (-0400)
Subject: [master] Added check for invalid failover message type.
X-Git-Tag: v4_3_2.pre-beta~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e1b18c69601d84af97e6e11b5b49af1222190502;p=thirdparty%2Fdhcp.git

[master] Added check for invalid failover message type.

    Merges in rt36653
---

diff --git a/RELNOTES b/RELNOTES
index 4d14b3135..467ddd38e 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -62,6 +62,9 @@ by Eric Young (eay@cryptsoft.com).
   and hmac-sha512
   [ISC-Bugs #36947]
 
+- Added check for invalid failover message type.
+  [ISC-Bugs #36653]
+
 - Corrected rate limiting checks for bad packet logging.
   [ISC-Bugs #36897]
 
diff --git a/includes/failover.h b/includes/failover.h
index 090daee54..b49c2418c 100644
--- a/includes/failover.h
+++ b/includes/failover.h
@@ -161,6 +161,8 @@ typedef struct {
 #define FTM_CONTACT		11
 #define FTM_DISCONNECT		12
 
+#define FTM_MAX			FTM_DISCONNECT
+
 /* Reject reasons from Section 12.21: */
 #define FTR_ILLEGAL_IP_ADDR	1
 #define FTR_FATAL_CONFLICT	2
diff --git a/server/failover.c b/server/failover.c
index 19c3e0872..eb2612b7d 100644
--- a/server/failover.c
+++ b/server/failover.c
@@ -626,6 +626,12 @@ static isc_result_t do_a_failover_option (c, link)
 		return DHCP_R_PROTOCOLERROR;
 	}
 
+	if (link->imsg->type > FTM_MAX) {
+		log_error ("FAILOVER: invalid message type: %d",
+			   link->imsg->type);
+		return DHCP_R_PROTOCOLERROR;
+	}
+
 	/* Get option code. */
 	omapi_connection_get_uint16 (c, &option_code);
 	link -> imsg_count += 2;