causing the server to apply configuration intended for one host to any
other innocent clients that come along later. [ISC-Bugs #22018]
+- Minor code fixes
+ [ISC-Bugs #19566] When trying to find the zone for a name for ddns allow
+ the name to be at the apex of the zone.
+ [ISC-Bugs #19617] Restrict length of interface name read from command line
+ in dhcpd - based on a patch from David Cantrell at Red Hat.
+ [ISC-Bugs #20039] Correct some error messages in dhcpd.c
+ [ISC-Bugs #20070] Better range check on values when creating a DHCID.
+ [ISC-Bugs #20198] Avoid writing past the end of the field when adding
+ overly long file or server names to a packet and add a log message
+ if the configuration supplied overly long names for these fields.
+ Thanks to Martin Pala.
+ [ISC-Bugs #21497] Add a little more randomness to rng seed in client
+ thanks to a patch from Jeremiah Jinno.
+
Changes since 4.2.0rc1
- Documentation cleanup covering multiple tickets
sizeof seed], sizeof seed);
seed += junk;
}
- srandom(seed + cur_time);
+ srandom(seed + cur_time + (unsigned)getpid());
/* Start a configuration state machine for each interface. */
#ifdef DHCPv6
/*
* For each subzone, try to find a cached zone.
- * Skip the first zone as that shouldn't work.
*/
- for (np = strchr(np, '.'); np != NULL; np = strchr(np, '.')) {
- np++;
+ for (;;) {
status = dns_zone_lookup (&zone, np);
if (status == ISC_R_SUCCESS)
break;
+
+ np = strchr(np, '.');
+ if (np == NULL)
+ break;
+ np++;
}
if (status != ISC_R_SUCCESS)
id->buffer->data[0] = ISC_MD5_DIGESTLENGTH * 2 + 2;
/* Put the type in the next two bytes. */
- id->buffer->data[1] = "0123456789abcdef"[type >> 4];
+ id->buffer->data[1] = "0123456789abcdef"[(type >> 4) & 0xf];
+ /* This should have been [type & 0xf] but now that
+ * it is in use we need to leave it this way in order
+ * to avoid disturbing customer's lease files
+ */
id->buffer->data[2] = "0123456789abcdef"[type % 15];
/* Mash together an MD5 hash of the identifier. */
packet -> options, (struct option_state *)0,
&global_scope, oc, MDL)) {
i = d1.len;
- if (i > sizeof raw.file)
- i = sizeof raw.file;
- else
- raw.file [i] = 0;
+ if (i >= sizeof(raw.file)) {
+ log_info("file name longer than packet field "
+ "truncated - field: %d name: %d %.*s",
+ sizeof(raw.file), i, i, d1.data);
+ i = sizeof(raw.file);
+ } else
+ raw.file[i] = 0;
memcpy (raw.file, d1.data, i);
data_string_forget (&d1, MDL);
}
packet -> options, (struct option_state *)0,
&global_scope, oc, MDL)) {
i = d1.len;
- if (i > sizeof raw.sname)
- i = sizeof raw.sname;
- else
- raw.sname [i] = 0;
+ if (i >= sizeof(raw.sname)) {
+ log_info("server name longer than packet field "
+ "truncated - field: %d name: %d %.*s",
+ sizeof(raw.sname), i, i, d1.data);
+ i = sizeof(raw.sname);
+ } else
+ raw.sname[i] = 0;
memcpy (raw.sname, d1.data, i);
data_string_forget (&d1, MDL);
}
if (sizeof raw.file > state -> filename.len)
memset (&raw.file [state -> filename.len], 0,
(sizeof raw.file) - state -> filename.len);
+ else
+ log_info("file name longer than packet field "
+ "truncated - field: %d name: %d %.*s",
+ sizeof(raw.file), state->filename.len,
+ state->filename.len, state->filename.data);
} else
bufs |= 1;
if (sizeof raw.sname > state -> server_name.len)
memset (&raw.sname [state -> server_name.len], 0,
(sizeof raw.sname) - state -> server_name.len);
+ else
+ log_info("server name longer than packet field "
+ "truncated - field: %d name: %d %.*s",
+ sizeof(raw.sname), state->server_name.len,
+ state->server_name.len,
+ state->server_name.data);
} else
bufs |= 2; /* XXX */
} else {
struct interface_info *tmp =
(struct interface_info *)0;
+ if (strlen(argv[i]) >= sizeof(tmp->name))
+ log_fatal("%s: interface name too long "
+ "(is %ld)",
+ argv[i], (long)strlen(argv[i]));
result = interface_allocate (&tmp, MDL);
if (result != ISC_R_SUCCESS)
log_fatal ("Insufficient memory to %s %s: %s",
if (db.len == 4) {
memcpy (&limited_broadcast, db.data, 4);
} else
- log_fatal ("invalid remote port data length");
+ log_fatal ("invalid broadcast address data length");
data_string_forget (&db, MDL);
}
if (db.len == 4) {
memcpy (&local_address, db.data, 4);
} else
- log_fatal ("invalid remote port data length");
+ log_fatal ("invalid local address data length");
data_string_forget (&db, MDL);
}
projects / thirdparty / dhcp.git / commitdiff
