[pkg-dhcp-devel] Bug#622380: [db.pub.mail at gmail.com: Bug#622380: isc-dhcp-client: IPv6 address buffer size mismatch and comment error]

Andrew Pollock apollock at debian.org
Fri Aug 26 05:44:15 UTC 2011


One of our users reported this bug. I'm not sure if it's already reported in
your bug tracker or not.

Please maintain the Cc to keep our bug tracking system in the loop.



----- Forwarded message from david b <db.pub.mail at gmail.com> -----

Date: Wed, 13 Apr 2011 01:44:47 +1000
From: david b <db.pub.mail at gmail.com>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: Bug#622380: isc-dhcp-client: minor bug
X-Mailer: reportbug 4.12.6

Package: isc-dhcp-client
Version: 4.1.1-P1-15+squeeze2
Severity: important

I have given up on upstream, and their bug tracking is "closed" anyway.

Over a few emails I sent the following to isc.


char addrbuf[4*16];
The following comment is just plain wrong:

                       /* piaddr() returns its result in a static
                          buffer sized 4*16 (see common/inet.c). */

Why? because sizeof pbuf is 46.
source:  static char


Now in dhcpv6()

char addrbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")];
the sizeof addrbuf is 40.

Following along:

       /* Discard, with log, packets from quenched sources. */
       for (ap = packet->interface->client->config->reject_list ;
            ap ; ap = ap->next) {
               if (addr_match(&packet->client_addr, &ap->match)) {

Ah... --->  strcpy(addrbuf, piaddr(packet->client_addr));

                       log_info("%s from %s rejected by rule %s",
                                piaddrmask(&ap->match.addr, &ap->match.mask));

From the strcpy manual:
The strcpy() function copies the string pointed to by src, including
the terminating null byte ('\0'), to the buffer pointed to by dest.
The strings may not overlap, and the destination string dest must be
large enough to receive the copy.

The man page for inet_ntop states the following:

             src points to a struct in6_addr (in network byte order)
             which is converted to a representation of this address in
             the appropriate IPv6 network address format for this
             address. The buffer dst must be at least INET6_ADDRSTRLEN
             bytes long.

INET6_ADDRSTRLEN is 46 ( #define INET6_ADDRSTRLEN 46 )

I prefer to not disagree with manuals (46 > 40).

Even if you decide to ignore this, the following *should* be fixed:
1. the incorrect comment needs to be either removed or 'corrected'
2. addrbuf for ipv6 should be at least 46 or INET6_ADDRSTRLEN long.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages isc-dhcp-client depends on:
ii  debianutils         3.4                  Miscellaneous utilities specific t
ii  iproute             20100519-3           networking and traffic control too
ii  isc-dhcp-common     4.1.1-P1-15+squeeze2 common files used by all the isc-d
ii  libc6               2.11.2-10            Embedded GNU C Library: Shared lib

isc-dhcp-client recommends no packages.

Versions of packages isc-dhcp-client suggests:
pn  avahi-autoipd                 <none>     (no description available)
pn  resolvconf                    <none>     (no description available)

-- Configuration Files:
/etc/dhcp/dhclient.conf changed [not included]

-- no debconf information

----- End forwarded message -----
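
The size arithmetic from the report above, as an added example that is not part of the original message or of the ISC DHCP source: a 40-byte buffer against the 46 bytes that inet_ntop(3) documents, with a bounded copy in place of strcpy(). The helper names copy_addr_str and format_addr6 are hypothetical, and the 45-character address string is a constructed worst-case input.

```c
/* Added example: constructed inputs, hypothetical helper names. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Buffer size the report quotes from dhcpv6(): 39 characters + NUL = 40. */
#define REPORTED_ADDRBUF_LEN sizeof("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")
/* Constructed worst case the IPv6 text format allows: 45 characters + NUL = 46. */
#define LONGEST_V6_TEXT "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"

/* Bounded replacement for strcpy(): refuses instead of overflowing.
 * Returns 0 on success, -1 if src (with its NUL) does not fit in dst. */
int copy_addr_str(char *dst, size_t dstlen, const char *src)
{
    size_t need = strlen(src) + 1;

    if (dstlen == 0)
        return -1;
    if (need > dstlen) {
        dst[0] = '\0';          /* leave a valid empty string behind */
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

/* Format a 16-byte IPv6 address; inet_ntop() enforces dstlen itself
 * and fails rather than writing past the end of dst. */
int format_addr6(const unsigned char addr[16], char *dst, size_t dstlen)
{
    struct in6_addr a;

    memcpy(&a, addr, sizeof(a));
    return inet_ntop(AF_INET6, &a, dst, (socklen_t)dstlen) ? 0 : -1;
}

int main(void)
{
    char small[REPORTED_ADDRBUF_LEN];   /* 40 bytes, as in the report */
    char full[INET6_ADDRSTRLEN];        /* 46 bytes, as the man page requires */

    printf("40-byte buffer: %d\n",
           copy_addr_str(small, sizeof(small), LONGEST_V6_TEXT));
    printf("INET6_ADDRSTRLEN buffer: %d (%s)\n",
           copy_addr_str(full, sizeof(full), LONGEST_V6_TEXT), full);
    return 0;
}
```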
