Djam/dhcp
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/dhcp.git synced 2025-02-23 13:32:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
dhcp/dhcp-4.2.1-P1-CVE-2011-2748,2749.diff
Rosa a782778d60 Automatic import for version 4.2.1
2012-02-01 14:24:24 +04:00

59 lines
2.7 KiB
Diff
Raw Permalink Blame History

diff -Naurp dhcp-4.2.1-P1/common/discover.c dhcp-4.2.1-P1.oden/common/discover.c
--- dhcp-4.2.1-P1/common/discover.c 2011-08-18 12:58:40.883411562 +0200
+++ dhcp-4.2.1-P1.oden/common/discover.c 2011-08-18 12:55:47.002338724 +0200
@@ -1391,12 +1391,16 @@ isc_result_t got_one (h)
if (result == 0)
return ISC_R_UNEXPECTED;
- /* If we didn't at least get the fixed portion of the BOOTP
- packet, drop the packet. We're allowing packets with no
- sname or filename, because we're aware of at least one
- client that sends such packets, but this definitely falls
- into the category of being forgiving. */
- if (result < DHCP_FIXED_NON_UDP - DHCP_SNAME_LEN - DHCP_FILE_LEN)
+ /*
+ * If we didn't at least get the fixed portion of the BOOTP
+ * packet, drop the packet.
+ * Previously we allowed packets with no sname or filename
+ * as we were aware of at least one client that did. But
+ * a bug caused short packets to not work and nobody has
+ * complained, it seems rational to tighten up that
+ * restriction.
+ */
+ if (result < DHCP_FIXED_NON_UDP)
return ISC_R_UNEXPECTED;
if (bootp_packet_handler) {
diff -Naurp dhcp-4.2.1-P1/common/options.c dhcp-4.2.1-P1.oden/common/options.c
--- dhcp-4.2.1-P1/common/options.c 2011-03-24 22:57:13.000000000 +0100
+++ dhcp-4.2.1-P1.oden/common/options.c 2011-08-18 12:55:47.003338734 +0200
@@ -592,8 +592,8 @@ cons_options(struct packet *inpacket, st
} else if (bootpp) {
mb_size = 64;
if (inpacket != NULL &&
- (inpacket->packet_length - DHCP_FIXED_LEN >= 64))
- mb_size = inpacket->packet_length - DHCP_FIXED_LEN;
+ (inpacket->packet_length >= 64 + DHCP_FIXED_NON_UDP))
+ mb_size = inpacket->packet_length - DHCP_FIXED_NON_UDP;
} else
mb_size = DHCP_MIN_OPTION_LEN;
diff -Naurp dhcp-4.2.1-P1/server/dhcp.c dhcp-4.2.1-P1.oden/server/dhcp.c
--- dhcp-4.2.1-P1/server/dhcp.c 2010-09-09 08:52:37.000000000 +0200
+++ dhcp-4.2.1-P1.oden/server/dhcp.c 2011-08-18 12:57:53.156117387 +0200
@@ -2336,6 +2336,7 @@ void ack_lease (packet, lease, offer, wh
* giaddr.
*/
if (!packet->agent_options_stashed &&
+ (packet->options != NULL) &&
packet->options->universe_count > agent_universe.index &&
packet->options->universes[agent_universe.index] != NULL) {
oc = lookup_option (&server_universe, state -> options,
@@ -4429,6 +4430,7 @@ maybe_return_agent_options(struct packet
* by the user into the new state, not just give up.
*/
if (!packet->agent_options_stashed &&
+ (packet->options != NULL) &&
packet->options->universe_count > agent_universe.index &&
packet->options->universes[agent_universe.index] != NULL &&
(options->universe_count <= agent_universe.index ||
Reference in a new issue View git blame Copy permalink