CVS commit: src/external/mpl/dhcp/dist/common

Wed, 13 Jan 2021 07:51:59 -0800 

Module Name:    src
Committed By:   christos
Date:           Wed Jan 13 15:51:49 UTC 2021

Modified Files:
        src/external/mpl/dhcp/dist/common: options.c

Log Message:
If an option is not found in the standard table, log it and don't try to
dereference it. This prevents crashes from XenServer VM that PXE boots and
includes option 175 in the DHCP request. Reported by Stephen Borrill.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/external/mpl/dhcp/dist/common/options.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/external/mpl/dhcp/dist/common/options.c
diff -u src/external/mpl/dhcp/dist/common/options.c:1.3 src/external/mpl/dhcp/dist/common/options.c:1.4
--- src/external/mpl/dhcp/dist/common/options.c:1.3	Mon Aug  3 17:10:56 2020
+++ src/external/mpl/dhcp/dist/common/options.c	Wed Jan 13 10:51:49 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: options.c,v 1.3 2020/08/03 21:10:56 christos Exp $	*/
+/*	$NetBSD: options.c,v 1.4 2021/01/13 15:51:49 christos Exp $	*/
 
 /* options.c
 
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: options.c,v 1.3 2020/08/03 21:10:56 christos Exp $");
+__RCSID("$NetBSD: options.c,v 1.4 2021/01/13 15:51:49 christos Exp $");
 
 #define DHCP_OPTION_DATA
 #include "dhcpd.h"
@@ -179,13 +179,16 @@ int parse_option_buffer (options, buffer
 
 		offset += universe->length_size;
 
-		option_code_hash_lookup(&option, universe->code_hash, &code,
-					0, MDL);
+		if (!option_code_hash_lookup(&option, universe->code_hash,
+		    &code, 0, MDL)) {
+			log_error("Can't find option with code %u", code);
+		}
 
 		/* If the length is outrageous, the options are bad. */
 		if (offset + len > length) {
 			/* Avoid reference count overflow */
-			option_dereference(&option, MDL);
+			if (option)
+				option_dereference(&option, MDL);
 			reason = "option length exceeds option buffer length";
 		      bogus:
 			log_error("parse_option_buffer: malformed option "
@@ -216,7 +219,8 @@ int parse_option_buffer (options, buffer
 			/* non-compliant clients can send it
 			 * we'll just drop it and go on */
 			log_debug ("Ignoring empty DHO_HOST_NAME option");
-			option_dereference(&option, MDL);
+			if (option)
+				option_dereference(&option, MDL);
 			offset += len;
 			continue;
 		}
@@ -282,7 +286,8 @@ int parse_option_buffer (options, buffer
 			option_cache_dereference(&nop, MDL);
 		}
 
-		option_dereference(&option, MDL);
+		if (option)
+			option_dereference(&option, MDL);
 		offset += len;
 	}
 	buffer_dereference (&bp, MDL);

Reply via email to