Your message dated Thu, 25 Aug 2011 22:44:15 -0700
with message-id <[email protected]>
has caused the report #622380,
regarding IPv6 address buffer size mismatch and comment error
to be marked as having been forwarded to the upstream software
author(s) [email protected]
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
622380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622380
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Hello,
One of our users reported this bug. I'm not sure if it's already reported in
your bug tracker or not.
Please maintain the Cc to keep our bug tracking system in the loop.
regards
Andrew
----- Forwarded message from david b <[email protected]> -----
Date: Wed, 13 Apr 2011 01:44:47 +1000
From: david b <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: Bug#622380: isc-dhcp-client: minor bug
X-Mailer: reportbug 4.12.6
Package: isc-dhcp-client
Version: 4.1.1-P1-15+squeeze2
Severity: important
I have given up on upstream & and their bug tracking is "closed" anyway.
Over a few emails I sent the following to isc.
"
In
dhcpclient.c
dhcp()
...
char addrbuf[4*16];
...
...
The following comment is just plain wrong:
/* piaddr() returns its result in a static
buffer sized 4*16 (see common/inet.c). */
Why? because sizeof pbuf is 46.
source: static char
pbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
Ok.
Now in dhcpv6()
...
char addrbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")];
the sizeof addrbuf is 40.
Following along:
/* Discard, with log, packets from quenched sources. */
for (ap = packet->interface->client->config->reject_list ;
ap ; ap = ap->next) {
if (addr_match(&packet->client_addr, &ap->match)) {
Ah... ---> strcpy(addrbuf, piaddr(packet->client_addr));
log_info("%s from %s rejected by rule %s",
dhcpv6_type_names[packet->dhcpv6_msg_type],
addrbuf,
piaddrmask(&ap->match.addr, &ap->match.mask));
return;
}
}
>>From the strcpy manual:
The strcpy() function copies the string pointed to by src,
including the terminating null byte ('\0'), to the buffer pointed to
by dest. The strings may not overlap, and the destination string dest
must be large enough to receive the copy.
The man page for inet_ntop states the following:
AF_INET6
src points to a struct in6_addr (in network byte
order) which is converted to a representation of this address in the
most
appropriate IPv6 network address format for this
address. The buffer dst must be at least INET6_ADDRSTRLEN bytes long.
INET6_ADDRSTRLEN is 46,( #define INET6_ADDRSTRLEN 46 )
I prefer to not disagree with manuals (46 > 40).
Even if you decide to ignore this ->
In the following *should* be fixed:
1. the incorrect comment needs to be either removed or 'corrected'
2. addrbuf for ipv6 should be at least 46 or INET6_ADDRSTRLEN long.
"
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38.2 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages isc-dhcp-client depends on:
ii debianutils 3.4 Miscellaneous utilities specific t
ii iproute 20100519-3 networking and traffic control too
ii isc-dhcp-common 4.1.1-P1-15+squeeze2 common files used by all the isc-d
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
isc-dhcp-client recommends no packages.
Versions of packages isc-dhcp-client suggests:
pn avahi-autoipd <none> (no description available)
pn resolvconf <none> (no description available)
-- Configuration Files:
/etc/dhcp/dhclient.conf changed [not included]
-- no debconf information
----- End forwarded message -----
--- End Message ---
