diff options
| author | David Hankins <dhankins@isc.org> | 2009-01-07 19:55:24 +0000 |
|---|---|---|
| committer | David Hankins <dhankins@isc.org> | 2009-01-07 19:55:24 +0000 |
| commit | fbe8f6aa194a0853d0e26467386a86edc8333fd7 (patch) | |
| tree | 5b24062614c9f51ec67643e2bc0d19564cecfa1c | |
| parent | 1ebba9903a12c19d07a4ba9b4bb173052cd6a055 (diff) | |
| download | isc-dhcp-fbe8f6aa194a0853d0e26467386a86edc8333fd7.tar.gz | |
- The notorious 'option <unknown> ... larger than buffer' log line,
which is seen in some malformed DHCP client packets, was modified.
It now logs the universe name, and does not log the length values
(which are bogus corruption read from the packet anyway). It also
carries a hopefully more useful explanation. [ISC-Bugs #18241]
| -rw-r--r-- | RELNOTES | 8 | ||||
| -rw-r--r-- | common/options.c | 12 |
2 files changed, 15 insertions, 5 deletions
@@ -52,10 +52,16 @@ may not work on other platforms. Please report any problems and suggested fixes to <dhcp-users@isc.org>. - Changes since 4.0.1 (bug fixes) + Changes since 4.0.1 - Validate the argument to the -p option. +- The notorious 'option <unknown> ... larger than buffer' log line, + which is seen in some malformed DHCP client packets, was modified. + It now logs the universe name, and does not log the length values + (which are bogus corruption read from the packet anyway). It also + carries a hopefully more useful explanation. + Changes since 4.0.1rc1 - None. diff --git a/common/options.c b/common/options.c index 56542876..2c364997 100644 --- a/common/options.c +++ b/common/options.c @@ -137,6 +137,7 @@ int parse_option_buffer (options, buffer, length, universe) struct option_cache *op = NULL, *nop = NULL; struct buffer *bp = (struct buffer *)0; struct option *option = NULL; + char *reason = "general failure"; if (!buffer_allocate (&bp, length, MDL)) { log_error ("no memory for option buffer."); @@ -155,7 +156,8 @@ int parse_option_buffer (options, buffer, length, universe) /* Don't look for length if the buffer isn't that big. */ if ((offset + universe->length_size) > length) { - len = 65536; + reason = "code tag at end of buffer - missing " + "length field"; goto bogus; } @@ -187,10 +189,12 @@ int parse_option_buffer (options, buffer, length, universe) /* If the length is outrageous, the options are bad. */ if (offset + len > length) { + reason = "option length exceeds option buffer length"; bogus: - log_error ("parse_option_buffer: option %s (%u:%u) %s.", - option ? option->name : "<unknown>", - code, len, "larger than buffer"); + log_error("parse_option_buffer: malformed option " + "%s.%s (code %u): %s.", universe->name, + option ? option->name : "<unknown>", + code, reason); buffer_dereference (&bp, MDL); return 0; } |