diff -up dhcp-4.2.1-P1/common/discover.c.CVE-2011-2748-2749 dhcp-4.2.1-P1/common/discover.c
--- dhcp-4.2.1-P1/common/discover.c.CVE-2011-2748-2749	2011-08-11 09:25:01.000000000 +0200
+++ dhcp-4.2.1-P1/common/discover.c	2011-08-11 09:28:14.318406808 +0200
@@ -1389,12 +1389,16 @@ isc_result_t got_one (h)
 	if (result == 0)
 		return ISC_R_UNEXPECTED;
 
-	/* If we didn't at least get the fixed portion of the BOOTP
-	   packet, drop the packet.  We're allowing packets with no
-	   sname or filename, because we're aware of at least one
-	   client that sends such packets, but this definitely falls
-	   into the category of being forgiving. */
-	if (result < DHCP_FIXED_NON_UDP - DHCP_SNAME_LEN - DHCP_FILE_LEN)
+	/*
+	 * If we didn't at least get the fixed portion of the BOOTP
+	 * packet, drop the packet.
+	 * Previously we allowed packets with no sname or filename
+	 * as we were aware of at least one client that did.  But
+	 * a bug caused short packets to not work and nobody has
+	 * complained, it seems rational to tighten up that
+	 * restriction.
+	 */
+	if (result < DHCP_FIXED_NON_UDP)
 		return ISC_R_UNEXPECTED;
 
 	if (bootp_packet_handler) {
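Review bot: The tightened bound `if (result < DHCP_FIXED_NON_UDP)` is, as far as this diff shows, what keeps a short packet away from the `packet_length - DHCP_FIXED_NON_UDP` subtraction in cons_options (options.c hunk below), yet the rewritten comment only records that the old leniency was dropped because nobody complained, so a later maintainer could reasonably relax it again. The comment should state the invariant the rest of the code now relies on, e.g. add `* Code downstream (e.g. cons_options) subtracts DHCP_FIXED_NON_UDP from the packet length without re-checking, so this bound must not be loosened.` to the block. The `DHCP_FIXED_NON_UDP - DHCP_SNAME_LEN - DHCP_FILE_LEN` form it replaces is worth keeping in the comment as the historical minimum so the change in accepted sizes is visible. got_one's body starts and continues outside this hunk.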
diff -up dhcp-4.2.1-P1/common/options.c.CVE-2011-2748-2749 dhcp-4.2.1-P1/common/options.c
--- dhcp-4.2.1-P1/common/options.c.CVE-2011-2748-2749	2011-08-11 09:25:01.266574346 +0200
+++ dhcp-4.2.1-P1/common/options.c	2011-08-11 09:25:01.312573904 +0200
@@ -592,8 +592,8 @@ cons_options(struct packet *inpacket, st
 	} else if (bootpp) {
 		mb_size = 64;
 		if (inpacket != NULL &&
-		    (inpacket->packet_length - DHCP_FIXED_LEN >= 64))
-			mb_size = inpacket->packet_length - DHCP_FIXED_LEN;
+		    (inpacket->packet_length >= 64 + DHCP_FIXED_NON_UDP))
+			mb_size = inpacket->packet_length - DHCP_FIXED_NON_UDP;
 	} else
 		mb_size = DHCP_MIN_OPTION_LEN;
 
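Review bot: The new comparison `inpacket->packet_length >= 64 + DHCP_FIXED_NON_UDP` is deliberately written as an addition on the constant side, presumably because the old `packet_length - DHCP_FIXED_LEN` wrapped for a packet shorter than the fixed header (packet_length's type is not visible in this hunk, so hedge: this holds if it is unsigned), but nothing in the hunk records that, and a later "simplification" could reintroduce the subtraction. Suggest a comment above the `if`: `/* Compare by addition: packet_length - DHCP_FIXED_NON_UDP would wrap for a packet shorter than the fixed header. */`. The literal `64` now appears twice (`mb_size = 64;` and the comparison) for the same minimum BOOTP options size; a named constant such as `BOOTP_MIN_OPTION_LEN` would keep the two in step. cons_options's body starts and continues outside this hunk.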
diff -up dhcp-4.2.1-P1/server/dhcp.c.CVE-2011-2748-2749 dhcp-4.2.1-P1/server/dhcp.c
--- dhcp-4.2.1-P1/server/dhcp.c.CVE-2011-2748-2749	2011-08-11 09:25:01.177575204 +0200
+++ dhcp-4.2.1-P1/server/dhcp.c	2011-08-11 09:25:01.314573885 +0200
@@ -2336,6 +2336,7 @@ void ack_lease (packet, lease, offer, wh
 	 * giaddr.
 	 */
 	if (!packet->agent_options_stashed &&
+	    (packet->options != NULL) &&
 	    packet->options->universe_count > agent_universe.index &&
 	    packet->options->universes[agent_universe.index] != NULL) {
 	    oc = lookup_option (&server_universe, state -> options,
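Review bot: The `(packet->options != NULL)` guard is added at this site and again in maybe_return_agent_options (next hunk), but the whole four-term condition is now duplicated verbatim in two functions, so a third caller that tests `packet->options->universes[agent_universe.index]` can again miss the NULL check. A small file-scope helper that owns the NULL and bounds checks would keep the invariant in one place and let both `if` statements shrink to `if (!packet->agent_options_stashed && packet_has_agent_universe(packet))`; the remaining `options->universe_count` terms in the second hunk stay as they are. Both ack_lease and maybe_return_agent_options start and continue outside their hunks, so the helper's placement is inferred from the file layout rather than shown here.
```c
/* True when the packet carries a decoded relay-agent universe. */
static int packet_has_agent_universe(const struct packet *packet)
{
	return packet->options != NULL &&
	       packet->options->universe_count > agent_universe.index &&
	       packet->options->universes[agent_universe.index] != NULL;
}

/* … unchanged: ack_lease up to the agent-options check … */
	if (!packet->agent_options_stashed &&
	    packet_has_agent_universe(packet)) {
/* … unchanged: lookup_option call and the rest of the block … */
```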
@@ -4448,6 +4449,7 @@ maybe_return_agent_options(struct packet
 	 * by the user into the new state, not just give up.
 	 */
 	if (!packet->agent_options_stashed &&
+	    (packet->options != NULL) &&
 	    packet->options->universe_count > agent_universe.index &&
 	    packet->options->universes[agent_universe.index] != NULL &&
 	    (options->universe_count <= agent_universe.index ||