RELNOTES
Added release note
common/options.c
add_option() - always dereference the looked up option
common/tests/option_unittest.c
Added new unit test: ATF_TC_BODY(add_option_ref_cnt, tc)
Even if there was a definition for an encapsulated v6 option
and a set of values for it the v6 server wouldn't add it to
the outgoing packet. This patch updates the server to do so.
Squashed commit of the following:
commit 7d61e40149676f989667cac90d9c3b6f5b63ac6b
Author: Shawn Routhier <sar@isc.org>
Date: Tue Feb 23 11:31:27 2016 -0800
[rt41774] Add a call to dereference the packet structure if the decoding fails
Add code to parse a vendor option. It is structured as an action
in the config language. When the statement is executed it attempts
to find a vendor option in the packet and a vendor option space
specified by the admin for use with that packet. It then calls
the proper parse routine to do the parsing.
Add support to set high and low thresholds for pools for
v4 and v6. A message will be emitted when the usage of
the pool first exceeds the high threshold. More messages
will be skipped until the usage has gone below the low
threshold and then back above the high threshold.
length client ids to be processed. Under some situations use of
zero length client ids can cause the server to go into an infinite
loop. As such ids are not valid according to RFC 2132 section 9.14
the server no longer accepts them. Client ids with a length of 1
are also invalid but the server still accepts them in order to
minimize disruption. The restriction will likely be tightened in
the future to disallow ids with a length of 1.
Thanks to Markus Hietava of Codenomicon CROSS project for
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29851]
CVE: CVE-2012-3571
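Added example, not part of the commit message above and not ISC's code: a C sketch of the length check that message describes, walking a DHCP options field and refusing a zero-length client identifier (option 61) while still tolerating a length of 1. The function name, status enum and sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPT_PAD = 0, OPT_CLIENT_ID = 61, OPT_END = 255 };  /* RFC 2132 codes */

enum cid_status {
    CID_ABSENT,       /* no option 61 present */
    CID_OK,           /* length >= 2 */
    CID_TOLERATED,    /* length 1: invalid, but still accepted for now */
    CID_REJECT_ZERO,  /* length 0: refused */
    CID_MALFORMED     /* option overruns the buffer */
};

/* Constructed sample option fields (the bytes after the magic cookie). */
static const uint8_t sample_ok[]    = {53, 1, 1, 61, 7, 1, 0, 0x11, 0x22, 0x33, 0x44, 0x55, 255};
static const uint8_t sample_zero[]  = {53, 1, 1, 61, 0, 255};
static const uint8_t sample_one[]   = {61, 1, 1, 255};
static const uint8_t sample_trunc[] = {61, 7, 1, 0};

/* Hypothetical helper: walk the code/length/value options and classify option 61. */
enum cid_status check_client_id(const uint8_t *opts, size_t len)
{
    enum cid_status result = CID_ABSENT;
    size_t i = 0;

    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;             /* pad has no length byte */
        if (code == OPT_END) break;
        if (i >= len) return CID_MALFORMED;        /* length byte missing */
        uint8_t olen = opts[i++];
        if (olen > len - i) return CID_MALFORMED;  /* value truncated */
        if (code == OPT_CLIENT_ID) {
            if (olen == 0) return CID_REJECT_ZERO; /* drop before any id handling */
            result = (olen == 1) ? CID_TOLERATED : CID_OK;
        }
        i += olen;                                 /* step past the value */
    }
    return result;
}

int main(void)
{
    printf("ok=%d zero=%d one=%d trunc=%d\n",
           check_client_id(sample_ok, sizeof sample_ok),
           check_client_id(sample_zero, sizeof sample_zero),
           check_client_id(sample_one, sizeof sample_one),
           check_client_id(sample_trunc, sizeof sample_trunc));
    return 0;
}
```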
[ISC-Bugs #22625] - properly print options that have several fields
followed by an array of something for example "fIa"
[ISC-Bugs #27289] - properly parse options in declarations that have
several fields followed by an array of something for example "fIa"
[ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
value in evaluate_numeric_expression (extract-int).
[ISC-Bugs #27314] - properly parse a zero length option from
a lease file. Thanks to Marius Tomaschewski from SUSE for the report
and prototype patch for this ticket as well as ticket 27289.
has been updated to properly process or reject the packets as
appropriate. Thanks to David Zych at University of Illinois
for reporting this issue. [ISC-Bugs #24960]
One CVE number for each class of packet.
CVE-2011-2748
CVE-2011-2749
buffer space for bootp and use a better constant - DHCP packet
size instead of DHCP packet size + UDP and IP headers.
Check that we have a packet->options structure before using it.
Only process packets that are longer than a bootp fixed packet
including server and file names. Previously we allowed for
shorter packets but that wasn't working and nobody noticed.
which is seen in some malformed DHCP client packets, was modified.
It now logs the universe name, and does not log the length values
(which are bogus corruption read from the packet anyway). It also
carries a hopefully more useful explanation. [ISC-Bugs #18241]