diff options
author | Shawn Routhier <sar@isc.org> | 2010-12-29 23:09:51 +0000 |
---|---|---|
committer | Shawn Routhier <sar@isc.org> | 2010-12-29 23:09:51 +0000 |
commit | 8bdf8790b9abe0c4acf702dc437e1b560b1080be (patch) | |
tree | a7447450b2568351804285e2b5987b8a011662a8 | |
parent | e6be2c05e7d578f02f3748be7410d587efe01e73 (diff) | |
download | isc-dhcp-v4_0.tar.gz |
When processing the format flags for a given option consume thev4_0
flag indicating an optional value correctly. A symptom of this
bug was an infinite loop when trying to parse the slp-service-scope
option. Thanks to a patch from Marius Tomaschewski.
[ISC-Bugs #22055]
-rw-r--r-- | RELNOTES | 7 | ||||
-rw-r--r-- | common/parse.c | 22 |
2 files changed, 27 insertions, 2 deletions
@@ -67,6 +67,12 @@ suggested fixes to <dhcp-users@isc.org>. This was a security issue in 4.2.0 but is not in 4.0.x. [ISC-Bugs #22679] +- When processing the format flags for a given option consume the + flag indicating an optional value correctly. A symptom of this + bug was an infinite loop when trying to parse the slp-service-scope + option. Thanks to a patch from Marius Tomaschewski. + [ISC-Bugs #22055] + Changes since 4.0.3rc1 ! Handle a relay forward message with an unspecified address in the @@ -2497,7 +2503,6 @@ suggested fixes to <dhcp-users@isc.org>. - Fix a bug in the DHCP client initial startup backoff interval, which would cause two DHCPDISCOVERS to be sent back-to-back on startup. - Changes since 3.0 Beta 2 Patchlevel 15 - Some documentation tweaks. diff --git a/common/parse.c b/common/parse.c index 36380c4d..4608de5f 100644 --- a/common/parse.c +++ b/common/parse.c @@ -4898,8 +4898,28 @@ struct option *option; do { if ((*fmt == 'A') || (*fmt == 'a')) break; - if (*fmt == 'o') + if (*fmt == 'o') { + /* consume the optional flag */ + fmt++; continue; + } + + if (fmt[1] == 'o') { + /* + * A value for the current format is + * optional - check to see if the next + * token is a semi-colon if so we don't + * need to parse it and doing so would + * consume the semi-colon which our + * caller is expecting to parse + */ + token = peek_token(&val, (unsigned *)0, + cfile); + if (token == SEMI) { + fmt++; + continue; + } + } tmp = *expr; *expr = NULL; |