*** From dhcp-server -- To unsubscribe, see the end of this message. ***

In a previous message
(http://www.isc.org/ml-archives/dhcp-server/1999/11/msg00225.html)
I wrote about a problem that we were having with machines sending us 32 byte
uids. At the time, I thought this was because 32 bytes was a long uid, but
having read The (excellent) DHCP Handbook, I realised that there had to be
scope for handling larger uids, and thus the 32 byte uid_buf size took on
the significance of a magic number.

I believe that the problem is that the code in dhcp.c uses a <= test
when comparing the incoming uid against the size of uid_buf, but then later
on (I assume) in memory.c the test is only less than.

Hence whatever size you set for uid_buf, if you get a uid exactly of that
length it will be fitted into a uid_buf, but then, later on, when the lease
is copied, the (less than) test fails, and the server exits claiming a
corrupt lease.

I have attached some code fragments to support my analysis, but I can't say
that I have thoroughly analysed the code, and thus I would welcome any
further comment to support (or not) this "fix".

In server/dhcp.c at line 1237

/* Record the uid, if given... */
...       
                if (d1.len <= sizeof lt.uid_buf) {
                          ^^^^^^^^^^
                        memcpy (lt.uid_buf, d1.data, d1.len);

Then in memory.c at line 540

/* Copy the data files, but not the linkages. */
...
                if (lease -> uid_len < sizeof (lease -> uid_buf)) {
                                    ^^^^^^^^^^
                        memcpy (comp -> uid_buf,
                                lease -> uid, lease -> uid_len);

Kevin Quinlan
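
Added illustration, not part of the original post and not ISC source: a minimal C model of the two bounds checks quoted above, showing that a uid of exactly sizeof uid_buf bytes is stored inline by the <= test and then rejected by the < test, and that using <= in both places removes the mismatch. The toy_lease struct, the function names, the result codes and the handling of uids longer than the buffer are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define UID_BUF_SIZE 32   /* the uid_buf size reported in the post */

/* Hypothetical, simplified lease record; not the ISC structure. */
struct toy_lease {
    unsigned char uid_buf[UID_BUF_SIZE];
    const unsigned char *uid;   /* points at uid_buf or at external data */
    size_t uid_len;
};
enum copy_result { COPY_OK, COPY_EXTERNAL, COPY_CORRUPT };

/* Store step: inclusive test, as in the dhcp.c fragment quoted above. */
static void record_uid(struct toy_lease *lt, const unsigned char *data, size_t len)
{
    if (len <= sizeof lt->uid_buf) {
        memcpy(lt->uid_buf, data, len);
        lt->uid = lt->uid_buf;
    } else {
        lt->uid = data;   /* assumption: oversized uids live outside uid_buf */
    }
    lt->uid_len = len;
}

/* Copy step: strict=1 uses '<' (the memory.c fragment), strict=0 uses '<='. */
static enum copy_result copy_uid(struct toy_lease *comp,
                                 const struct toy_lease *lease, int strict)
{
    int fits = strict ? lease->uid_len < sizeof lease->uid_buf
                      : lease->uid_len <= sizeof lease->uid_buf;
    comp->uid_len = lease->uid_len;
    if (fits) {
        memcpy(comp->uid_buf, lease->uid, lease->uid_len);
        comp->uid = comp->uid_buf;
        return COPY_OK;
    }
    if (lease->uid != lease->uid_buf) {   /* assumption: external uid is shared */
        comp->uid = lease->uid;
        return COPY_EXTERNAL;
    }
    return COPY_CORRUPT;   /* inline uid that "does not fit": the reported exit */
}

/* Store then copy a constructed all-zero uid of the given length. */
static enum copy_result roundtrip(size_t len, int strict)
{
    static const unsigned char sample[64] = {0};   /* constructed input */
    struct toy_lease lt, comp;
    record_uid(&lt, sample, len);
    return copy_uid(&comp, &lt, strict);
}
```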
