From 9d97e6445e193df48ed8704de858210a033088a5 Mon Sep 17 00:00:00 2001 From: Shawn Routhier Date: Mon, 13 Dec 2010 20:31:08 +0000 Subject: [PATCH] Fix the handling of connection requests on the failover port. Previously a connection request from a source that wasn't listed as a failover peer would cause the server to become non-responsive. [ISC-Bugs #22679] CERT: VU#159528 CVE: CVE-2010-3616 --- RELNOTES | 6 ++++++ server/failover.c | 5 +++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/RELNOTES b/RELNOTES index 028b8169..af906bf2 100644 --- a/RELNOTES +++ b/RELNOTES @@ -150,6 +150,12 @@ work on other platforms. Please report any problems and suggested fixes to as a hex list. We shall investigate other ways of displaying time values more usefully. [ISC-Bugs #22626] +! Fix the handling of connection requests on the failover port. + Previously a connection request from a source that wasn't + listed as a failover peer would cause the server to become + non-responsive. [ISC-Bugs #22679] + CERT: VU#159528 CVE: CVE-2010-3616 + Changes since 4.2.0b2 - Add declaration for variable in debug code in alloc.c. [ISC-Bugs #21472] diff --git a/server/failover.c b/server/failover.c index 53957bb1..1dbcc1d1 100644 --- a/server/failover.c +++ b/server/failover.c @@ -3,7 +3,7 @@ Failover protocol support code... */ /* - * Copyright (c) 2004-2009 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2004-2010 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 1999-2003 by Internet Software Consortium * * Permission to use, copy, modify, and distribute this software for any @@ -1101,7 +1101,8 @@ isc_result_t dhcp_failover_listener_signal (omapi_object_t *o, } if (!state) { log_info ("failover: listener: no matching state"); - return omapi_disconnect ((omapi_object_t *)c, 1); + omapi_disconnect ((omapi_object_t *)c, 1); + return(ISC_R_NOTFOUND); } obj = (dhcp_failover_link_t *)0;