Fix infinite loop on certain parser error.

See RT ticket #16977 for more.

2 files changed, 16 insertions, 2 deletions

diff --git a/RELNOTES b/RELNOTES
index 7d008525..3af651ce 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -39,6 +39,10 @@ the README file.
 
 			Changes since 3.1.0
 
+- Bug in server configuration parser caused server to get stuck on
+  startup for certain bad pool declarations. Thanks to Guillaume
+  Knispel for the bug report and fix.
+
 - Fixed file descriptor leak on listen failure. Thanks to Tom Clark.
 
 - Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the report
diff --git a/server/confpars.c b/server/confpars.c
index 8cb03b2a..15448d9e 100644
--- a/server/confpars.c
+++ b/server/confpars.c
@@ -34,7 +34,7 @@
 
 #ifndef lint
 static char copyright[] =
-"$Id: confpars.c,v 1.159.16.5 2007/06/28 17:20:40 dhankins Exp $ Copyright (c) 2004-2007 Internet Systems Consortium.  All rights reserved.\n";
+"$Id: confpars.c,v 1.159.16.6 2007/08/15 13:10:04 shane Exp $ Copyright (c) 2004-2007 Internet Systems Consortium.  All rights reserved.\n";
 #endif /* not lint */
 
 #include "dhcpd.h"
@@ -1486,7 +1486,7 @@ void parse_pool_statement (cfile, group, type)
 			      default:
 				parse_warn (cfile, "expecting permit type.");
 				skip_to_semi (cfile);
-				break;
+				goto cleanup;
 			}
 			while (*permit_head)
 				permit_head = &((*permit_head) -> next);
@@ -1503,6 +1503,15 @@ void parse_pool_statement (cfile, group, type)
 			done = 1;
 			break;
 
+		      case END_OF_FILE:
+			/*
+			 * We can get to END_OF_FILE if, for instance,
+			 * the parse_statement() reads all available tokens
+			 * and leaves us at the end.
+			 */
+			parse_warn("unexpected end of file");
+			return;
+
 		      default:
 			declaration = parse_statement (cfile, pool -> group,
 						       POOL_DECL,
@@ -1558,6 +1567,7 @@ void parse_pool_statement (cfile, group, type)
 		log_error ("one range statement.");
 	}
 
+cleanup:
 	/* Dereference the lease chain. */
 	lp = (struct lease *)0;
 	while (lpchain) {