summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Hankins <dhankins@isc.org>2009-01-07 19:55:24 +0000
committerDavid Hankins <dhankins@isc.org>2009-01-07 19:55:24 +0000
commitfbe8f6aa194a0853d0e26467386a86edc8333fd7 (patch)
tree5b24062614c9f51ec67643e2bc0d19564cecfa1c
parent1ebba9903a12c19d07a4ba9b4bb173052cd6a055 (diff)
downloadisc-dhcp-fbe8f6aa194a0853d0e26467386a86edc8333fd7.tar.gz
- The notorious 'option <unknown> ... larger than buffer' log line,
which is seen in some malformed DHCP client packets, was modified. It now logs the universe name, and does not log the length values (which are bogus corruption read from the packet anyway). It also carries a hopefully more useful explanation. [ISC-Bugs #18241]
-rw-r--r--RELNOTES8
-rw-r--r--common/options.c12
2 files changed, 15 insertions, 5 deletions
diff --git a/RELNOTES b/RELNOTES
index a467eb5c..3ea4cf55 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -52,10 +52,16 @@ may not work on other platforms. Please report any problems and
suggested fixes to <dhcp-users@isc.org>.
- Changes since 4.0.1 (bug fixes)
+ Changes since 4.0.1
- Validate the argument to the -p option.
+- The notorious 'option <unknown> ... larger than buffer' log line,
+ which is seen in some malformed DHCP client packets, was modified.
+ It now logs the universe name, and does not log the length values
+ (which are bogus corruption read from the packet anyway). It also
+ carries a hopefully more useful explanation.
+
Changes since 4.0.1rc1
- None.
diff --git a/common/options.c b/common/options.c
index 56542876..2c364997 100644
--- a/common/options.c
+++ b/common/options.c
@@ -137,6 +137,7 @@ int parse_option_buffer (options, buffer, length, universe)
struct option_cache *op = NULL, *nop = NULL;
struct buffer *bp = (struct buffer *)0;
struct option *option = NULL;
+ char *reason = "general failure";
if (!buffer_allocate (&bp, length, MDL)) {
log_error ("no memory for option buffer.");
@@ -155,7 +156,8 @@ int parse_option_buffer (options, buffer, length, universe)
/* Don't look for length if the buffer isn't that big. */
if ((offset + universe->length_size) > length) {
- len = 65536;
+ reason = "code tag at end of buffer - missing "
+ "length field";
goto bogus;
}
@@ -187,10 +189,12 @@ int parse_option_buffer (options, buffer, length, universe)
/* If the length is outrageous, the options are bad. */
if (offset + len > length) {
+ reason = "option length exceeds option buffer length";
bogus:
- log_error ("parse_option_buffer: option %s (%u:%u) %s.",
- option ? option->name : "<unknown>",
- code, len, "larger than buffer");
+ log_error("parse_option_buffer: malformed option "
+ "%s.%s (code %u): %s.", universe->name,
+ option ? option->name : "<unknown>",
+ code, reason);
buffer_dereference (&bp, MDL);
return 0;
}