diff options
| author | Shawn Routhier <sar@isc.org> | 2012-03-20 00:31:34 +0000 |
|---|---|---|
| committer | Shawn Routhier <sar@isc.org> | 2012-03-20 00:31:34 +0000 |
| commit | b342f2e77c25e45f92d152f815edaf183827a02e (patch) | |
| tree | 82b11d0a01c55a927182c5d2cdb3ee2396c9a301 | |
| parent | d13db163c74d39e628cc920f1b77a1def441f54f (diff) | |
| download | isc-dhcp-b342f2e77c25e45f92d152f815edaf183827a02e.tar.gz | |
Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
and dhcpv6_packet in several more places. Thanks to a report from
Bruno Verstuyft and Vincent Demaertelaere of Excentis.
[ISC-Bugs #27941]
| -rw-r--r-- | RELNOTES | 5 | ||||
| -rw-r--r-- | common/options.c | 6 | ||||
| -rw-r--r-- | server/dhcpv6.c | 6 |
3 files changed, 13 insertions, 4 deletions
@@ -104,6 +104,11 @@ work on other platforms. Please report any problems and suggested fixes to weren't removed from the DNS. [ISC-BUGS #27858] +- Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet + and dhcpv6_packet in several more places. Thanks to a report from + Bruno Verstuyft and Vincent Demaertelaere of Excentis. + [ISC-Bugs #27941] + Changes since 4.2.2 - Fix the code that checks for an existing DDNS transaction to cancel diff --git a/common/options.c b/common/options.c index 3c08d33b..e21992d2 100644 --- a/common/options.c +++ b/common/options.c @@ -3845,6 +3845,7 @@ do_packet6(struct interface_info *interface, const char *packet, msg_type = packet[0]; if ((msg_type == DHCPV6_RELAY_FORW) || (msg_type == DHCPV6_RELAY_REPL)) { + int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options)); relay = (const struct dhcpv6_relay_packet *)packet; decoded_packet->dhcpv6_msg_type = relay->msg_type; @@ -3856,7 +3857,7 @@ do_packet6(struct interface_info *interface, const char *packet, relay->peer_address, sizeof(relay->peer_address)); if (!parse_option_buffer(decoded_packet->options, - relay->options, len-sizeof(*relay), + relay->options, len - relaylen, &dhcpv6_universe)) { /* no logging here, as parse_option_buffer() logs all cases where it fails */ @@ -3864,6 +3865,7 @@ do_packet6(struct interface_info *interface, const char *packet, return; } } else { + int msglen = (int)(offsetof(struct dhcpv6_packet, options)); msg = (const struct dhcpv6_packet *)packet; decoded_packet->dhcpv6_msg_type = msg->msg_type; @@ -3873,7 +3875,7 @@ do_packet6(struct interface_info *interface, const char *packet, sizeof(decoded_packet->dhcpv6_transaction_id)); if (!parse_option_buffer(decoded_packet->options, - msg->options, len-sizeof(*msg), + msg->options, len - msglen, &dhcpv6_universe)) { /* no logging here, as parse_option_buffer() logs all cases where it fails */ diff --git a/server/dhcpv6.c b/server/dhcpv6.c index 3e7a9807..336b3a07 100644 --- a/server/dhcpv6.c +++ b/server/dhcpv6.c @@ -5527,6 +5527,7 @@ dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) { msg_type = enc_opt_data.data[0]; if ((msg_type == DHCPV6_RELAY_FORW) || (msg_type == DHCPV6_RELAY_REPL)) { + int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options)); relay = (struct dhcpv6_relay_packet *)enc_opt_data.data; enc_packet->dhcpv6_msg_type = relay->msg_type; @@ -5539,13 +5540,14 @@ dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) { if (!parse_option_buffer(enc_packet->options, relay->options, - enc_opt_data.len-sizeof(*relay), + enc_opt_data.len - relaylen, &dhcpv6_universe)) { /* no logging here, as parse_option_buffer() logs all cases where it fails */ goto exit; } } else { + int msglen = (int)(offsetof(struct dhcpv6_packet, options)); msg = (struct dhcpv6_packet *)enc_opt_data.data; enc_packet->dhcpv6_msg_type = msg->msg_type; @@ -5556,7 +5558,7 @@ dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) { if (!parse_option_buffer(enc_packet->options, msg->options, - enc_opt_data.len-sizeof(*msg), + enc_opt_data.len - msglen, &dhcpv6_universe)) { /* no logging here, as parse_option_buffer() logs all cases where it fails */ |