From 17b0fefe5eadf50924168f397911dc99a9b37a9b Mon Sep 17 00:00:00 2001 From: Shawn Routhier Date: Fri, 22 Oct 2010 20:05:44 +0000 Subject: [PATCH] Handle a relay forward message with an unspecified address in the link address field. Previously such a message would cause the server to crash. [ISC-Bugs #21992] --- RELNOTES | 5 +++++ server/dhcpv6.c | 18 +++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/RELNOTES b/RELNOTES index 2404375a6..2a862e2c5 100644 --- a/RELNOTES +++ b/RELNOTES @@ -128,6 +128,11 @@ work on other platforms. Please report any problems and suggested fixes to line to nroff, escape them if we actually want a quote. [ISC-Bugs #18916] sync the pointer to web pages amongst the different docs +! Handle a relay forward message with an unspecified address in the + link address field. Previously such a message would cause the + server to crash. [ISC-Bugs #21992] + CERT: TBA CVE: TBA + Changes since 4.2.0b2 - Add declaration for variable in debug code in alloc.c. [ISC-Bugs #21472] diff --git a/server/dhcpv6.c b/server/dhcpv6.c index 241180525..7158d06df 100644 --- a/server/dhcpv6.c +++ b/server/dhcpv6.c @@ -4207,10 +4207,25 @@ shared_network_from_packet6(struct shared_network **shared, * If there is no link address, we will use the interface * that this packet came in on to pick the shared_network. */ - } else { + } else if (packet->interface != NULL) { status = shared_network_reference(shared, packet->interface->shared_network, MDL); + if (packet->dhcpv6_container_packet != NULL) { + log_info("[L2 Relay] No link address in relay packet " + "assuming L2 relay and using receiving " + "interface"); + } + + } else { + /* + * We shouldn't be able to get here but if there is no link + * address and no interface we don't know where to get the + * pool from log an error and return an error. + */ + log_error("No interface and no link address " + "can't determine pool"); + status = DHCP_R_INVALIDARG; } return status; @@ -5508,6 +5523,7 @@ dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) { enc_packet->client_port = packet->client_port; enc_packet->client_addr = packet->client_addr; + interface_reference(&enc_packet->interface, packet->interface, MDL); enc_packet->dhcpv6_container_packet = packet; msg_type = enc_opt_data.data[0]; -- 2.47.3