forked from pool/dhcp
dhcp/dhcp-4.2.3-P1-dhclient-zero-length-options.patch
Marius Tomaschewski a66d02d4db - Updated to ISC dhcp-4.2.3-P2 release, providing a DDNS security fix:
Modify the DDNS handling code. In a previous patch we added logging
  code to the DDNS handling.  This code included a bug that caused it
  to attempt to dereference a NULL pointer and eventually segfault.
  While reviewing the code as we addressed this problem, we determined
  that some of the updates to the lease structures would not work as
  planned since the structures being updated were in the process of
  being freed: these updates were removed.  In addition we removed an
  incorrect call to the DDNS removal function that could cause a failure
  during the removal of DDNS information from the DNS server.
  Thanks to Jasper Jongmans for reporting this issue.
  ([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239)
- Fixed close-on-exec patch to not set it on stderr (bnc#732910)
- Fixed incorrect "a" array type option parsing causing to discard
  e.g. classless static routes from lease file [reported as ISC-Bug
  27289] and zero-length option parsing such as dhcp6.rapid-commit
  in dhclient6 [reported as ISC-Bug 27314] (bnc#739696).
- Fixed dhclient to include its pid number in syslog messages.
- Fixed to use P2 in the spec version, not in the release tag.

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=85
2012-01-16 17:05:05 +00:00


From 70330e5cb91616dd235b63e54b9fe0dc15f3d61b Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 5 Jan 2012 16:28:50 +0100
Subject: [PATCH] zero-length option lease parse error in dhclient6
common/parse.c:
Use peek_token only or the next_token call behind the while loop
will cause two warnings / errors in the log:
lease line XX: semicolon expected.
lease line XX: Unexpected end of file.
[there is a } behind the semicolon as the next token in my case]
and the option (lease?) gets discarded.
To reproduce, use "send dhcp6.rapid-commit;" to /etc/dhclient6.conf,
remove the lease file and start the client. When the lease is bound,
kill the client and start it again.
client/dhclient.c:
More of cosmetic nature - do not print zero-length options like there
would be a value missed, e.g. " option dhcp6.rapid-commit ;".
Signed-off-by: Marius Tomaschewski <mt@suse.de>
---
client/dhclient.c | 11 ++++++++---
common/parse.c | 2 +-
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/client/dhclient.c b/client/dhclient.c
index bee8e1d..ee87aa6 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -2769,10 +2769,15 @@ void write_lease_option (struct option_cache *oc,
}
if (evaluate_option_cache (&ds, packet, lease, client_state,
in_options, cfg_options, scope, oc, MDL)) {
- fprintf(leaseFile, "%soption %s%s%s %s;\n", preamble,
- name, dot, oc->option->name,
- pretty_print_option(oc->option, ds.data, ds.len,
+ if(oc->option->format && oc->option->format[0] == 'Z' && ds.len == 0) {
+ fprintf(leaseFile, "%soption %s%s%s;\n", preamble,
+ name, dot, oc->option->name);
+ } else {
+ fprintf(leaseFile, "%soption %s%s%s %s;\n", preamble,
+ name, dot, oc->option->name,
+ pretty_print_option(oc->option, ds.data, ds.len,
1, 1));
+ }
data_string_forget (&ds, MDL);
}
}
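Review bot: in the new test `oc->option->format[0] == 'Z' && ds.len == 0`, a 'Z' option whose evaluated data is not empty still takes the else branch and is written with a value, while the 'Z' case in common/parse.c (second hunk of this patch) warns "semicolon expected." when the next token is not a semicolon, so such a line would likely not read back cleanly. Consider keying the short form on the 'Z' format alone, or logging when ds.len is non-zero for a 'Z' option. Two style points on the same line: the surrounding code writes `if (` with a space, and the condition runs past 80 columns. A short comment saying that 'Z' marks a zero-length option, as the case label in parse.c has, would also help the next reader.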
diff --git a/common/parse.c b/common/parse.c
index 0fca63c..fe661d5 100644
--- a/common/parse.c
+++ b/common/parse.c
@@ -5715,7 +5715,7 @@ int parse_option_decl (oc, cfile)
goto alloc;
case 'Z': /* Zero-length option */
- token = next_token(&val, (unsigned *)0, cfile);
+ token = peek_token(&val, (unsigned *)0, cfile);
if (token != SEMI) {
parse_warn(cfile,
"semicolon expected.");
--
1.7.7