ALT Linux repos
Group :: System/Servers
RPM: dhcp
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: 0005-Update-and-apply-dhcp-3.0.4-owl-bound.patch.patch
Download
Download
From 0 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Mon, 15 Oct 2007 23:22:44 +0000
Subject: [PATCH 05] Update and apply dhcp-3.0.4-owl-bound.patch
diff --git a/dhcp/client/dhclient.c b/dhcp/client/dhclient.c
index defaced..defaced 100644
--- a/dhcp/client/dhclient.c
+++ b/dhcp/client/dhclient.c
@@ -197,9 +197,9 @@ static void
usage(const char *sfmt, const char *sarg)
{
log_info("%s %s", message, PACKAGE_VERSION);
- log_info(copyright);
- log_info(arr);
- log_info(url);
+ log_info("%s", copyright);
+ log_info("%s", arr);
+ log_info("%s", url);
/* If desired print out the specific error message */
#ifdef PRINT_SPECIFIC_CL_ERRORS
@@ -691,9 +691,9 @@ main(int argc, char **argv) {
if (!quiet) {
log_info("%s %s", message, PACKAGE_VERSION);
- log_info(copyright);
- log_info(arr);
- log_info(url);
+ log_info("%s", copyright);
+ log_info("%s", arr);
+ log_info("%s", url);
log_info("%s", "");
} else {
log_perror = 0;
@@ -792,7 +792,7 @@ main(int argc, char **argv) {
*/
if (!persist) {
/* Nothing more to do. */
- log_info("No broadcast interfaces found - exiting.");
+ log_info("%s", "No broadcast interfaces found - exiting.");
finish(0);
}
} else if (!release_mode && !exit_mode) {
@@ -2170,7 +2170,8 @@ void dhcpoffer (packet)
return;
}
- sprintf (obuf, "%s of %s from %s", name,
+ snprintf (obuf, sizeof(obuf),
+ "%s of %s from %s", name,
inet_ntoa(packet->raw->yiaddr),
piaddr(packet->client_addr));
@@ -4590,7 +4591,7 @@ void client_envadd (struct client_state *client,
{
char spbuf [1024];
char *s;
- unsigned len;
+ int len;
struct string_list *val;
va_list list;
@@ -4598,6 +4599,11 @@ void client_envadd (struct client_state *client,
len = vsnprintf (spbuf, sizeof spbuf, fmt, list);
va_end (list);
+/* Handle truncation on glibc 2.0.x or possible unexpected errors on others;
+ * avoid integer overflow in the addition below. */
+ if (len < 0 || len > 0x3fffffff)
+ return;
+
val = dmalloc (strlen (prefix) + strlen (name) + 1 /* = */ +
len + sizeof *val, MDL);
if (!val) {
diff --git a/dhcp/common/bpf.c b/dhcp/common/bpf.c
index defaced..defaced 100644
--- a/dhcp/common/bpf.c
+++ b/dhcp/common/bpf.c
@@ -93,7 +93,7 @@ int if_register_bpf (info)
/* Open a BPF device */
for (b = 0; 1; b++) {
/* %Audit% 31 bytes max. %2004.06.17,Safe% */
- sprintf(filename, BPF_FORMAT, b);
+ snprintf(filename, sizeof(filename), BPF_FORMAT, b);
sock = open (filename, O_RDWR, 0);
if (sock < 0) {
if (errno == EBUSY) {
diff --git a/dhcp/common/comapi.c b/dhcp/common/comapi.c
index defaced..defaced 100644
--- a/dhcp/common/comapi.c
+++ b/dhcp/common/comapi.c
@@ -273,7 +273,7 @@ isc_result_t dhcp_group_signal_handler (omapi_object_t *h,
/* Group objects always have to have names. */
if (!group -> name) {
char hnbuf [64];
- sprintf (hnbuf, "ng%08lx%08lx",
+ snprintf (hnbuf, sizeof(hnbuf), "ng%08lx%08lx",
(unsigned long)cur_time,
(unsigned long)group);
group -> name = dmalloc (strlen (hnbuf) + 1, MDL);
diff --git a/dhcp/common/dns.c b/dhcp/common/dns.c
index defaced..defaced 100644
--- a/dhcp/common/dns.c
+++ b/dhcp/common/dns.c
@@ -1250,7 +1250,7 @@ find_cached_zone(dhcp_ddns_cb_t *ddns_cb, int direction)
dns_zone_dereference(&zone, MDL);
return (ISC_R_NOSPACE);
}
- strcpy((char *)&ddns_cb->zone_name[0], zone->name);
+ strncpy((char *)&ddns_cb->zone_name[0], zone->name, DHCP_MAXDNS_WIRE-1);
memset (&nsaddrs, 0, sizeof nsaddrs);
ix = 0;
diff --git a/dhcp/common/print.c b/dhcp/common/print.c
index defaced..defaced 100644
--- a/dhcp/common/print.c
+++ b/dhcp/common/print.c
@@ -525,7 +525,7 @@ char *print_dec_1 (val)
unsigned long val;
{
static char vbuf [32];
- sprintf (vbuf, "%lu", val);
+ snprintf (vbuf, sizeof(vbuf), "%lu", val);
return vbuf;
}
@@ -533,7 +533,7 @@ char *print_dec_2 (val)
unsigned long val;
{
static char vbuf [32];
- sprintf (vbuf, "%lu", val);
+ snprintf (vbuf, sizeof(vbuf), "%lu", val);
return vbuf;
}
@@ -565,7 +565,7 @@ static unsigned print_subexpression (expr, buf, len)
case expr_check:
rv = 10 + strlen (expr -> data.check -> name);
if (len > rv) {
- sprintf (buf, "(check %s)",
+ snprintf (buf, len, "(check %s)",
expr -> data.check -> name);
return rv;
}
@@ -711,7 +711,7 @@ static unsigned print_subexpression (expr, buf, len)
case expr_host_lookup:
rv = 15 + strlen (expr -> data.host_lookup -> hostname);
if (len > rv) {
- sprintf (buf, "(dns-lookup %s)",
+ snprintf (buf, len, "(dns-lookup %s)",
expr -> data.host_lookup -> hostname);
return rv;
}
@@ -795,7 +795,7 @@ static unsigned print_subexpression (expr, buf, len)
rv = strlen (s) + 2 + (strlen (expr -> data.option -> name) +
strlen (expr -> data.option -> universe -> name));
if (len > rv) {
- sprintf (buf, "(option %s.%s)",
+ snprintf (buf, len, "(option %s.%s)",
expr -> data.option -> universe -> name,
expr -> data.option -> name);
return rv;
@@ -931,7 +931,7 @@ static unsigned print_subexpression (expr, buf, len)
rv = 10 + (strlen (expr -> data.option -> name) +
strlen (expr -> data.option -> universe -> name));
if (len > rv) {
- sprintf (buf, "(exists %s.%s)",
+ snprintf (buf, len, "(exists %s.%s)",
expr -> data.option -> universe -> name,
expr -> data.option -> name);
return rv;
@@ -941,7 +941,8 @@ static unsigned print_subexpression (expr, buf, len)
case expr_variable_exists:
rv = 10 + strlen (expr -> data.variable);
if (len > rv) {
- sprintf (buf, "(defined %s)", expr -> data.variable);
+ snprintf (buf, len,
+ "(defined %s)", expr -> data.variable);
return rv;
}
break;
@@ -949,7 +950,7 @@ static unsigned print_subexpression (expr, buf, len)
case expr_variable_reference:
rv = strlen (expr -> data.variable);
if (len > rv) {
- sprintf (buf, "%s", expr -> data.variable);
+ snprintf (buf, len, "%s", expr -> data.variable);
return rv;
}
break;
@@ -1246,7 +1247,7 @@ int token_indent_data_string (FILE *file, int col, int indent,
}
for (i = 0; i < data -> len; i++) {
- sprintf (obuf, "%2.2x", data -> data [i]);
+ snprintf (obuf, sizeof(obuf), "%2.2x", data -> data [i]);
col = token_print_indent (file, col, indent,
i == 0 ? prefix : "",
(i + 1 == data -> len
diff --git a/dhcp/common/tree.c b/dhcp/common/tree.c
index defaced..defaced 100644
--- a/dhcp/common/tree.c
+++ b/dhcp/common/tree.c
@@ -3528,7 +3528,7 @@ int write_expression (file, expr, col, indent, firstp)
col = write_expression (file, expr -> data.extract_int,
col, indent, 1);
col = token_print_indent (file, col, scol, "", " ", ",");
- sprintf (obuf, "%d", width);
+ snprintf (obuf, sizeof(obuf), "%d", width);
col = token_print_indent (file, col, scol, " ", "", obuf);
col = token_print_indent (file, col, indent, "", "", ")");
break;
@@ -3551,7 +3551,7 @@ int write_expression (file, expr, col, indent, firstp)
col = write_expression (file, expr -> data.extract_int,
col, indent, 1);
col = token_print_indent (file, col, scol, "", " ", ",");
- sprintf (obuf, "%d", width);
+ snprintf (obuf, sizeof(obuf), "%d", width);
col = token_print_indent (file, col, scol, " ", "", obuf);
col = token_print_indent (file, col, indent, "", "",
")");
@@ -3566,7 +3566,7 @@ int write_expression (file, expr, col, indent, firstp)
goto encode_int;
case expr_const_int:
- sprintf (obuf, "%lu", expr -> data.const_int);
+ snprintf (obuf, sizeof(obuf), "%lu", expr -> data.const_int);
col = token_print_indent (file, col, indent, "", "", obuf);
break;
diff --git a/dhcp/common/upf.c b/dhcp/common/upf.c
index defaced..defaced 100644
--- a/dhcp/common/upf.c
+++ b/dhcp/common/upf.c
@@ -69,7 +69,7 @@ int if_register_upf (info)
/* Open a UPF device */
for (b = 0; 1; b++) {
/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
- sprintf(filename, "/dev/pf/pfilt%d", b);
+ snprintf(filename, sizeof(filename), "/dev/pf/pfilt%d", b);
sock = open (filename, O_RDWR, 0);
if (sock < 0) {
diff --git a/dhcp/omapip/iscprint.c b/dhcp/omapip/iscprint.c
index defaced..defaced 100644
--- a/dhcp/omapip/iscprint.c
+++ b/dhcp/omapip/iscprint.c
@@ -230,7 +230,7 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) {
head = "";
tmpui = tmpi;
}
- sprintf(buf, "%u", tmpui);
+ snprintf(buf, sizeof(buf), "%u", tmpui);
goto printint;
case 'o':
if (q)
@@ -239,7 +239,7 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) {
tmpui = va_arg(ap, long int);
else
tmpui = va_arg(ap, int);
- sprintf(buf, alt ? "%#o"
+ snprintf(buf, sizeof(buf), alt ? "%#o"
: "%o", tmpui);
goto printint;
case 'u':
@@ -249,7 +249,7 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) {
tmpui = va_arg(ap, unsigned long int);
else
tmpui = va_arg(ap, unsigned int);
- sprintf(buf, "%u", tmpui);
+ snprintf(buf, sizeof(buf), "%u", tmpui);
goto printint;
case 'x':
if (q)
@@ -263,7 +263,7 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) {
if (precision > 2)
precision -= 2;
}
- sprintf(buf, "%x", tmpui);
+ snprintf(buf, sizeof(buf), "%x", tmpui);
goto printint;
case 'X':
if (q)
@@ -277,7 +277,7 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) {
if (precision > 2)
precision -= 2;
}
- sprintf(buf, "%X", tmpui);
+ snprintf(buf, sizeof(buf), "%X", tmpui);
goto printint;
printint:
if (precision != 0 || width != 0) {
@@ -403,7 +403,7 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) {
break;
case 'p':
v = va_arg(ap, void *);
- sprintf(buf, "%p", v);
+ snprintf(buf, sizeof(buf), "%p", v);
length = strlen(buf);
if (precision > length)
zeropad = precision - length;
@@ -479,7 +479,7 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) {
*/
if (precision > 512)
precision = 512;
- sprintf(fmt, "%%%s%s.%lu%s%c", alt ? "#" : "",
+ snprintf(fmt, sizeof(fmt), "%%%s%s.%lu%s%c", alt ? "#" : "",
plus ? "+" : space ? " " : "",
precision, l ? "L" : "", *format);
switch (*format) {
@@ -491,12 +491,12 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) {
#ifdef HAVE_LONG_DOUBLE
if (l) {
ldbl = va_arg(ap, long double);
- sprintf(buf, fmt, ldbl);
+ snprintf(buf, sizeof(buf), fmt, ldbl);
} else
#endif
{
dbl = va_arg(ap, double);
- sprintf(buf, fmt, dbl);
+ snprintf(buf, sizeof(buf), fmt, dbl);
}
length = strlen(buf);
if (width > 0) {
diff --git a/dhcp/server/dhcp.c b/dhcp/server/dhcp.c
index defaced..defaced 100644
--- a/dhcp/server/dhcp.c
+++ b/dhcp/server/dhcp.c
@@ -115,7 +115,7 @@ dhcp (struct packet *packet) {
s = dhcp_type_names[packet->packet_type - 1];
} else {
/* %Audit% Cannot exceed 28 bytes. %2004.06.17,Safe% */
- sprintf(typebuf, "type %d", packet->packet_type);
+ snprintf(typebuf, sizeof(typebuf), "type %d", packet->packet_type);
s = typebuf;
}
@@ -519,7 +519,7 @@ void dhcprequest (packet, ms_nulltp, ip_lease)
/* piaddr() should not return more than a 15 byte string.
* safe.
*/
- sprintf (smbuf, " (%s)", piaddr (sip));
+ snprintf (smbuf, sizeof(smbuf), " (%s)", piaddr (sip));
} else {
smbuf [0] = 0;
sip.len = 0;
@@ -2444,6 +2444,8 @@ void ack_lease (packet, lease, offer, when, msg, ms_nulltp, hp)
host_dereference(&hp, MDL);
}
if (!host) {
+ if (hp)
+ host_dereference (&hp, MDL);
find_hosts_by_haddr (&hp,
packet -> raw -> htype,
packet -> raw -> chaddr,
diff --git a/dhcp/server/failover.c b/dhcp/server/failover.c
index defaced..defaced 100644
--- a/dhcp/server/failover.c
+++ b/dhcp/server/failover.c
@@ -4119,7 +4119,7 @@ failover_option_t *dhcp_failover_make_option (unsigned code,
val = va_arg (va, unsigned);
#if defined (DEBUG_FAILOVER_MESSAGES)
/* %Audit% Cannot exceed 24 bytes. %2004.06.17,Safe% */
- sprintf (tbuf, " %d", val);
+ snprintf (tbuf, sizeof(tbuf), " %d", val);
failover_print (obuf, obufix, obufmax, tbuf);
#endif
option.data [i + 4] = val;
@@ -4139,7 +4139,7 @@ failover_option_t *dhcp_failover_make_option (unsigned code,
#if defined (DEBUG_FAILOVER_MESSAGES)
/*%Audit% Cannot exceed 17 bytes. %2004.06.17,Safe%*/
- sprintf (tbuf, " %u.%u.%u.%u",
+ snprintf (tbuf, sizeof(tbuf), " %u.%u.%u.%u",
iaddr [0], iaddr [1], iaddr [2], iaddr [3]);
failover_print (obuf, obufix, obufmax, tbuf);
#endif
@@ -4152,7 +4152,7 @@ failover_option_t *dhcp_failover_make_option (unsigned code,
val = va_arg (va, unsigned);
#if defined (DEBUG_FAILOVER_MESSAGES)
/*%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%*/
- sprintf (tbuf, " %d", val);
+ snprintf (tbuf, sizeof(tbuf), " %d", val);
failover_print (obuf, obufix, obufmax, tbuf);
#endif
putULong (&option.data [4 + i * 4], val);
@@ -4165,7 +4165,7 @@ failover_option_t *dhcp_failover_make_option (unsigned code,
#if defined (DEBUG_FAILOVER_MESSAGES)
for (i = 0; i < count; i++) {
/* 23 bytes plus nul, safe. */
- sprintf (tbuf, " %d", bval [i]);
+ snprintf (tbuf, sizeof(tbuf), " %d", bval [i]);
failover_print (obuf, obufix, obufmax, tbuf);
}
#endif
@@ -4203,7 +4203,7 @@ failover_option_t *dhcp_failover_make_option (unsigned code,
#if defined (DEBUG_FAILOVER_MESSAGES)
for (i = 4; i < size; i++) {
/*%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%*/
- sprintf (tbuf, " %d", option.data [i]);
+ snprintf (tbuf, sizeof(tbuf), " %d", option.data [i]);
failover_print (obuf, obufix, obufmax, tbuf);
}
#endif
@@ -4214,7 +4214,7 @@ failover_option_t *dhcp_failover_make_option (unsigned code,
val = va_arg (va, u_int32_t);
#if defined (DEBUG_FAILOVER_MESSAGES)
/*%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%*/
- sprintf (tbuf, " %d", val);
+ snprintf (tbuf, sizeof(tbuf), " %d", val);
failover_print (obuf, obufix, obufmax, tbuf);
#endif
putUShort (&option.data [4 + i * 2], val);
diff --git a/dhcp/server/omapi.c b/dhcp/server/omapi.c
index defaced..defaced 100644
--- a/dhcp/server/omapi.c
+++ b/dhcp/server/omapi.c
@@ -1234,7 +1234,7 @@ isc_result_t dhcp_host_signal_handler (omapi_object_t *h,
if (!host -> name) {
char hnbuf [64];
- sprintf (hnbuf, "nh%08lx%08lx",
+ snprintf (hnbuf, sizeof(hnbuf), "nh%08lx%08lx",
(unsigned long)cur_time, (unsigned long)host);
host -> name = dmalloc (strlen (hnbuf) + 1, MDL);
if (!host -> name)