Package: dhcp3-server
Version: 3.0.4-14

I'm filing a new bug report because the one already describing the
problem has been archived. (#334980)

The problem has indeed not been fixed. It can be demonstrated with
either the configuration file I'm attaching, or the one already
provided in #334980. I did all my tests and fixes with the
configuration file I'm attaching. It shows that it can be even more
malicious than expected as a simple typo in the last statement of a pool
can trigger it (there should be "unknown-clients" with a final 's'
instead of "unknown-client" in the last pool).

The answer from Andrew Pollock <[EMAIL PROTECTED]> to #334980 dated Fri, 21
Oct 2005 19:27:41 +1000 is not a solution to this bug because dhcpd3
tests its configuration file using the very same parser it uses to
parse its configuration file during normal startup, and the endless
loop filling syslogs is within the parser, so the problem also occurs
during the consistency check.

The problem is in a do {} while () loop in parse_pool_statement that
does not test for end of file conditions.

I attach a patch that fixes the bug, that I'll send upstream too.
-- 
Guillaume KNISPEL
Proformatique - 67 rue Voltaire - 92800 Puteaux
Tel. : 01 41 38 99 60 - Fax. : 01 41 38 99 70
[EMAIL PROTECTED] - http://www.proformatique.com/

Attachment: dhcpd.conf
Description: Binary data

Attachment: fix-eof-in-pool-statement.dpatch
Description: Binary data
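
The failure mode described in the report above, as an added example that is not part of the original message and is not ISC dhcpd source: a toy tokenizer and pool-body loop showing why a do {} while () parser loop with no end-of-file test never terminates once the lexer reaches EOF. The names `parse_pool`, `check_eof` and `cap` are hypothetical, the input strings are constructed, and `cap` stands in for the unbounded syslog output so the demonstration stops.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration; not ISC dhcpd source. */
enum tok { T_EOF, T_LBRACE, T_RBRACE, T_SEMI, T_WORD };
struct lexer { const char *p; };

static enum tok next_token(struct lexer *lx) {
    while (*lx->p && isspace((unsigned char)*lx->p)) lx->p++;
    if (*lx->p == '\0') return T_EOF;   /* EOF is sticky: every later call returns it again */
    char c = *lx->p++;
    if (c == '{') return T_LBRACE;
    if (c == '}') return T_RBRACE;
    if (c == ';') return T_SEMI;
    while (*lx->p && !isspace((unsigned char)*lx->p) && !strchr("{};", *lx->p)) lx->p++;
    return T_WORD;
}

/* Parses the body of a pool block (text after "pool {").
 * Returns the number of parse-error lines that would be logged.
 * check_eof = 0 models a loop with no end-of-file test, 1 models the fix.
 * cap (hypothetical) bounds the demo; the real symptom is unbounded logging. */
int parse_pool(const char *body, int check_eof, int cap) {
    struct lexer lx = { body };
    int errors = 0, done = 0;
    do {
        enum tok t = next_token(&lx);
        if (t == T_RBRACE) {
            done = 1;                     /* normal end of the pool block */
        } else if (t == T_EOF && check_eof) {
            errors++;                     /* report "unexpected end of file" once */
            done = 1;                     /* and leave the loop */
        } else if (t == T_EOF || t == T_LBRACE) {
            errors++;                     /* logged, but the loop keeps asking for tokens */
        }                                 /* words and ';' are accepted as statement text */
    } while (!done && errors < cap);
    return errors;
}

int main(void) {
    const char *ok  = "range 10.0.0.10 10.0.0.20; allow unknown-clients; }";
    const char *cut = "range 10.0.0.10 10.0.0.20; allow unknown-clients;"; /* no '}' */
    printf("complete: %d errors\n", parse_pool(ok, 0, 1000));
    printf("truncated, no EOF test: %d errors (cap hit)\n", parse_pool(cut, 0, 1000));
    printf("truncated, EOF test: %d errors\n", parse_pool(cut, 1, 1000));
    return 0;
}
```

Because the same loop runs during a configuration test, a pre-start syntax check built on the same parser hits the identical runaway; only the end-of-file test inside the loop bounds it.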
