From: Shawn Routhier <sar@isc.org>
Date: Mon, 13 Dec 2010 20:36:04 +0000 (+0000)
Subject: Fix the handling of connection requests on the failover port.
X-Git-Tag: v4_2_1b1~15
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6ffac66ec4fded7adb021a2c61c971932cb4ded9;p=thirdparty%2Fdhcp.git

Fix the handling of connection requests on the failover port.
Previously a connection request from a source that wasn't
listed as a failover peer would cause the server to become
non-responsive.  [ISC-Bugs #22679]
CERT: VU#159528 CVE: CVE-2010-3616
---

diff --git a/RELNOTES b/RELNOTES
index 4dff15cae..e43a2ffcb 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -140,6 +140,12 @@ work on other platforms. Please report any problems and suggested fixes to
   as a hex list.  We shall investigate other ways of displaying time
   values more usefully.  [ISC-Bugs #22626]
 
+! Fix the handling of connection requests on the failover port.
+  Previously a connection request from a source that wasn't
+  listed as a failover peer would cause the server to become
+  non-responsive.  [ISC-Bugs #22679]
+  CERT: VU#159528 CVE: CVE-2010-3616 
+
 			Changes since 4.2.0rc1
 
 - Documentation cleanup covering multiple tickets
diff --git a/server/failover.c b/server/failover.c
index b91aea5e5..1dbcc1d10 100644
--- a/server/failover.c
+++ b/server/failover.c
@@ -1101,7 +1101,8 @@ isc_result_t dhcp_failover_listener_signal (omapi_object_t *o,
 	}		
 	if (!state) {
 		log_info ("failover: listener: no matching state");
-		return omapi_disconnect ((omapi_object_t *)c, 1);
+		omapi_disconnect ((omapi_object_t *)c, 1);
+		return(ISC_R_NOTFOUND);
 	}
 
 	obj = (dhcp_failover_link_t *)0;