diff --git a/dhcp-4.1.1-P1-optional-value-infinite-loop.diff b/dhcp-4.1.1-P1-optional-value-infinite-loop.diff new file mode 100644 index 0000000..cfe480d --- /dev/null +++ b/dhcp-4.1.1-P1-optional-value-infinite-loop.diff @@ -0,0 +1,46 @@ +From 912eb17103f764ef4486b30a4801af64321a23ed Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Fri, 29 Oct 2010 18:51:02 +0200 +Subject: [PATCH] dhcp-4.1.1-P1-optional-value-infinite-loop + +Fixed dhcp server infinite loop while parsing options with optional +parts in the value such as in slp-service-scope option (bnc#643845, +[ISC-Bugs #22410]). + +Signed-off-by: Marius Tomaschewski +--- + common/parse.c | 17 ++++++++++++++++- + 1 files changed, 16 insertions(+), 1 deletions(-) + +diff --git a/common/parse.c b/common/parse.c +index 34b909a..081dcc9 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -4931,8 +4931,23 @@ struct option *option; + do { + if ((*fmt == 'A') || (*fmt == 'a')) + break; +- if (*fmt == 'o') ++ if (*fmt == 'o') { ++ /* previous value were optional */ ++ fmt++; + continue; ++ } ++ if (fmt[1] == 'o') { ++ /* ++ * value for current format code is optional ++ * check if the next token is a semicolon; ++ * it is expected to be read by our caller. ++ */ ++ token = peek_token (&val, (unsigned *)0, cfile); ++ if (token == SEMI) { ++ fmt++; ++ continue; ++ } ++ } + + tmp = *expr; + *expr = NULL; +-- +1.7.1 + diff --git a/dhcp-4.1.1-P1-relay-no-ip-on-interface.diff b/dhcp-4.1.1-P1-relay-no-ip-on-interface.diff new file mode 100644 index 0000000..68e1e3f --- /dev/null +++ b/dhcp-4.1.1-P1-relay-no-ip-on-interface.diff @@ -0,0 +1,31 @@ +From 4509d956715297469469ab0e207c2641f521470d Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Fri, 29 Oct 2010 18:49:06 +0200 +Subject: [PATCH] dhcp-4.1.1-P1-relay-no-ip-on-interface + +Fix for a dhcrelay segfault while receiving packets on interfaces +without any IPv4 address assigned (bnc#631305, [ISC-Bugs #22409]). + +Signed-off-by: Marius Tomaschewski +--- + relay/dhcrelay.c | 4 ++++ + 1 files changed, 4 insertions(+), 0 deletions(-) + +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +index 11676ae..c375c83 100644 +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -565,6 +565,10 @@ do_relay4(struct interface_info *ip, struct dhcp_packet *packet, + log_info("Discarding packet with invalid hlen."); + return; + } ++ if (ip->address_count < 1 || ip->addresses == NULL) { ++ log_info("Discarding packet from interface without IP address"); ++ return; ++ } + + /* Find the interface that corresponds to the giaddr + in the packet. */ +-- +1.7.1 + diff --git a/dhcp.changes b/dhcp.changes index 25df296..6ac32ac 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Tue Nov 2 09:48:56 UTC 2010 - mt@suse.de + +- Fixed a dhcrelay segfault while receiving packets on interfaces + without any IPv4 address assigned (bnc#631305, reported upsteam + as [ISC-Bugs #22409]). +- Fixed a common infinite loop while parsing options with optional + parts in the value such as in slp-service-scope option (bnc#643845, + reported upsteam as [ISC-Bugs #22410]). +- Fixed init scripts to report correct LSB codes in status action, + when the config file or the binary do not exists (bnc#640336). +- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580) +- Avoid pid check error message in the rcdhcpd[6] (bnc#646875) + ------------------------------------------------------------------- Wed Sep 29 10:26:37 UTC 2010 - mt@suse.de diff --git a/dhcp.spec b/dhcp.spec index 721d1c4..9ec3883 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -84,6 +84,8 @@ Patch31: dhcp-4.1.1-ldap-patch-mt-01_option-numbers.diff Patch30: dhcp-4.1.1-dhclient-no-libcrypto.diff %endif Patch40: dhcp-4.1.1-P1-lpf-bind-msg-fix.diff +Patch41: dhcp-4.1.1-P1-relay-no-ip-on-interface.diff +Patch42: dhcp-4.1.1-P1-slp-loop.diff ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -209,12 +211,15 @@ Authors: %patch30 -p1 %endif %patch40 -p1 +%patch41 -p0 +%patch42 -p0 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* %build CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused" +CFLAGS=$(echo "$CFLAGS" | sed -e "s/-O./-O0/g") %ifarch ppc ppc64 s390x # bugs 134590, 171532 CFLAGS="$CFLAGS -fsigned-char" diff --git a/rc.dhcpd b/rc.dhcpd index a4d94a8..3e109e0 100644 --- a/rc.dhcpd +++ b/rc.dhcpd @@ -96,14 +96,33 @@ rc_reset # considered a success. if ! [ -x "$DAEMON_BIN" ]; then - if [ "$1" = "stop" ]; then exit 0; fi - echo >&2 "$0: \"$DAEMON_BIN\" is not an executable file. Exiting." - exit 5 + case $1 in + stop) ;; + *) echo -n >&2 "$0: \"$DAEMON_BIN\" is not an executable file. Exiting." + case $1 in + status) rc_failed 4 ;; + *) rc_failed 5 ;; + esac + rc_status -v + ;; + esac + rc_exit fi if ! [ -r "$DAEMON_CONF" ] ; then - if [ "$1" = "stop" ]; then exit 0; fi - echo >&2 "$0: \"$DAEMON_CONF\" config file missed. Exiting." - exit 6 + case $1 in + stop|status) + if test ! -s /etc/sysconfig/dhcpd ; then + test -e $DAEMON_STATE/$DAEMON_PIDFILE && \ + CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX='' + fi + ;; + *) + echo -n >&2 "$0: \"$DAEMON_CONF\" config file missed. Exiting." + rc_failed 6 + rc_status -v + rc_exit + ;; + esac fi # remove empty pid files to avoid disturbing warnings by checkproc/killproc @@ -223,7 +242,7 @@ case "$1" in ## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.) if test -e $CHROOT_PREFIX/$DAEMON_PIDFILE -a -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then p=$(<$CHROOT_PREFIX/$DAEMON_PIDFILE) - if test -n "$p" && grep -qE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then + if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then echo -n '(already running) ' else rm $CHROOT_PREFIX/$DAEMON_PIDFILE diff --git a/rc.dhcpd6 b/rc.dhcpd6 index 29770a9..a6ebd7a 100644 --- a/rc.dhcpd6 +++ b/rc.dhcpd6 @@ -100,14 +100,33 @@ rc_reset # considered a success. if ! [ -x "$DAEMON_BIN" ]; then - if [ "$1" = "stop" ]; then exit 0; fi - echo >&2 "$0: \"$DAEMON_BIN\" is not an executable file. Exiting." - exit 5 + case $1 in + stop) ;; + *) echo -n >&2 "$0: \"$DAEMON_BIN\" is not an executable file. Exiting." + case $1 in + status) rc_failed 4 ;; + *) rc_failed 5 ;; + esac + rc_status -v + ;; + esac + rc_exit fi if ! [ -r "$DAEMON_CONF" ] ; then - if [ "$1" = "stop" ]; then exit 0; fi - echo >&2 "$0: \"$DAEMON_CONF\" config file missed. Exiting." - exit 6 + case $1 in + stop|status) + if test ! -s /etc/sysconfig/dhcpd ; then + test -e $DAEMON_STATE/$DAEMON_PIDFILE && \ + CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX='' + fi + ;; + *) + echo -n >&2 "$0: \"$DAEMON_CONF\" config file missed. Exiting." + rc_failed 6 + rc_status -v + rc_exit + ;; + esac fi # remove empty pid files to avoid disturbing warnings by checkproc/killproc @@ -227,7 +246,7 @@ case "$1" in ## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.) if test -e $CHROOT_PREFIX/$DAEMON_PIDFILE -a -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then p=$(<$CHROOT_PREFIX/$DAEMON_PIDFILE) - if test -n "$p" && grep -qE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then + if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then echo -n '(already running) ' else rm $CHROOT_PREFIX/$DAEMON_PIDFILE diff --git a/rc.dhcrelay b/rc.dhcrelay index 47c49d2..2ceef2a 100644 --- a/rc.dhcrelay +++ b/rc.dhcrelay @@ -33,10 +33,19 @@ STARTPROC_LOGFILE=/var/log/rc.dhcrelay.log SUPPORTS_HUP="no" test -s "$DAEMON_CONF" && . "$DAEMON_CONF" -test -x $DAEMON_BIN || { - echo >&2 "$0: \"$DAEMON_BIN\" is not executable." - test "x$1" = xstop && exit 0 || exit 5 -} +if ! [ -x "$DAEMON_BIN" ]; then + case $1 in + stop) ;; + *) echo -n >&2 "$0: \"$DAEMON_BIN\" is not an executable file. Exiting." + case $1 in + status) rc_failed 4 ;; + *) rc_failed 5 ;; + esac + rc_status -v + ;; + esac + rc_exit +fi # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status @@ -152,7 +161,7 @@ case "$1" in echo -n "Reload service $DAEMON" - if "$SUPPORTS_HUP" = "yes" ; then + if [ "$SUPPORTS_HUP" = "yes" ] ; then killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN #touch $DAEMON_PIDFILE rc_status -v @@ -165,7 +174,7 @@ case "$1" in ## Like force-reload, but if daemon does not support ## signalling, do nothing (!) - if "$SUPPORTS_HUP" = "yes" ; then + if [ "$SUPPORTS_HUP" = "yes" ] ; then # If it supports signalling: echo -n "Reload service $DAEMON" killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN diff --git a/rc.dhcrelay6 b/rc.dhcrelay6 index ddecca8..8bd273d 100644 --- a/rc.dhcrelay6 +++ b/rc.dhcrelay6 @@ -34,10 +34,19 @@ STARTPROC_LOGFILE=/var/log/rc.dhcrelay6.log SUPPORTS_HUP="no" test -s "$DAEMON_CONF" && . "$DAEMON_CONF" -test -x $DAEMON_BIN || { - echo >&2 "$0: \"$DAEMON_BIN\" is not executable." - test "x$1" = xstop && exit 0 || exit 5 -} +if ! [ -x "$DAEMON_BIN" ]; then + case $1 in + stop) ;; + *) echo -n >&2 "$0: \"$DAEMON_BIN\" is not an executable file. Exiting." + case $1 in + status) rc_failed 4 ;; + *) rc_failed 5 ;; + esac + rc_status -v + ;; + esac + rc_exit +fi # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status @@ -160,7 +169,7 @@ case "$1" in echo -n "Reload service $DAEMON" - if "$SUPPORTS_HUP" = "yes" ; then + if [ "$SUPPORTS_HUP" = "yes" ] ; then killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN #touch $DAEMON_PIDFILE rc_status -v @@ -173,7 +182,7 @@ case "$1" in ## Like force-reload, but if daemon does not support ## signalling, do nothing (!) - if "$SUPPORTS_HUP" = "yes" ; then + if [ "$SUPPORTS_HUP" = "yes" ] ; then # If it supports signalling: echo -n "Reload service $DAEMON" killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN