- Validate the argument to the -p option.
+- The notorious 'option <unknown> ... larger than buffer' log line,
+ which is seen in some malformed DHCP client packets, was modified.
+ It now logs the universe name, and does not log the length values
+ (which are bogus corruption read from the packet anyway). It also
+ carries a hopefully more useful explanation.
+
Changes since 4.1.0b1
- A missing "else" in dhcrelay.c could have caused an interface not to
struct option_cache *op = NULL, *nop = NULL;
struct buffer *bp = (struct buffer *)0;
struct option *option = NULL;
+ char *reason = "general failure";
if (!buffer_allocate (&bp, length, MDL)) {
log_error ("no memory for option buffer.");
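Review bot: `reason` is declared as `char *`, but in this patch it is only ever pointed at string literals (the initialiser here and the two assignments in the later hunks) and read through `%s`. It should be `const char *reason = "general failure";` so the compiler rejects an accidental write through the pointer. The enclosing function starts and ends outside this hunk.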
/* Don't look for length if the buffer isn't that big. */
if ((offset + universe->length_size) > length) {
- len = 65536;
+ reason = "code tag at end of buffer - missing "
+ "length field";
goto bogus;
}
/* If the length is outrageous, the options are bad. */
if (offset + len > length) {
+ reason = "option length exceeds option buffer length";
bogus:
- log_error ("parse_option_buffer: option %s (%u:%u) %s.",
- option ? option->name : "<unknown>",
- code, len, "larger than buffer");
+ log_error("parse_option_buffer: malformed option "
+ "%s.%s (code %u): %s.", universe->name,
+ option ? option->name : "<unknown>",
+ code, reason);
buffer_dereference (&bp, MDL);
return 0;
}
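Review bot: The `bogus:` exit releases only `bp` before `return 0`, although the new log line tests `option` and so expects it can be non-NULL at that point. If `option` holds a counted reference taken by a lookup outside this hunk (not visible here, so this needs confirming), each malformed packet that fails the length check leaks one reference, and these packets are client-supplied. Consider releasing it after the name has been logged, e.g. `if (option) option_dereference(&option, MDL);` placed just before `buffer_dereference (&bp, MDL);`. The `goto bogus` in the previous hunk lands on the same lines, and the function body starts and ends outside this hunk.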