From: David Hankins Date: Wed, 7 Jan 2009 19:54:06 +0000 (+0000) Subject: - The notorious 'option ... larger than buffer' log line, X-Git-Tag: v4_2_0a1~114 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=47e6eb82cbb270749c31767fcd683d4b810eb5e2;p=thirdparty%2Fdhcp.git - The notorious 'option ... larger than buffer' log line, which is seen in some malformed DHCP client packets, was modified. It now logs the universe name, and does not log the length values (which are bogus corruption read from the packet anyway). It also carries a hopefully more useful explanation. [ISC-Bugs #18241] --- diff --git a/RELNOTES b/RELNOTES index fd2d05155..1fb078ae6 100644 --- a/RELNOTES +++ b/RELNOTES @@ -51,6 +51,12 @@ work on other platforms. Please report any problems and suggested fixes to - Validate the argument to the -p option. +- The notorious 'option ... larger than buffer' log line, + which is seen in some malformed DHCP client packets, was modified. + It now logs the universe name, and does not log the length values + (which are bogus corruption read from the packet anyway). It also + carries a hopefully more useful explanation. + Changes since 4.1.0b1 - A missing "else" in dhcrelay.c could have caused an interface not to diff --git a/common/options.c b/common/options.c index cd00e5327..0a4604ee8 100644 --- a/common/options.c +++ b/common/options.c @@ -137,6 +137,7 @@ int parse_option_buffer (options, buffer, length, universe) struct option_cache *op = NULL, *nop = NULL; struct buffer *bp = (struct buffer *)0; struct option *option = NULL; + char *reason = "general failure"; if (!buffer_allocate (&bp, length, MDL)) { log_error ("no memory for option buffer."); @@ -155,7 +156,8 @@ int parse_option_buffer (options, buffer, length, universe) /* Don't look for length if the buffer isn't that big. */ if ((offset + universe->length_size) > length) { - len = 65536; + reason = "code tag at end of buffer - missing " + "length field"; goto bogus; } @@ -187,10 +189,12 @@ int parse_option_buffer (options, buffer, length, universe) /* If the length is outrageous, the options are bad. */ if (offset + len > length) { + reason = "option length exceeds option buffer length"; bogus: - log_error ("parse_option_buffer: option %s (%u:%u) %s.", - option ? option->name : "", - code, len, "larger than buffer"); + log_error("parse_option_buffer: malformed option " + "%s.%s (code %u): %s.", universe->name, + option ? option->name : "", + code, reason); buffer_dereference (&bp, MDL); return 0; }