Date: Tue, 21 Jun 2005 19:15:25 +0200 (CEST) From: "Walter C. Pelissero" <walter.pelissero@iesy.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: misc/82491: bootpd shouldn't ignore requests Message-ID: <200506211715.j5LHFPbe056972@zaphod.home.loc> Resent-Message-ID: <200506211720.j5LHKHWi079414@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 82491 >Category: misc >Synopsis: bootpd shouldn't ignore requests >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jun 21 17:20:17 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Walter C. Pelissero >Release: FreeBSD 5.4-STABLE i386 >Organization: >Environment: System: FreeBSD zaphod.home.loc 5.4-STABLE FreeBSD 5.4-STABLE #1: Mon Jun 13 14:43:15 CEST 2005 root@zaphod.home.loc:/usr/src/sys/i386/compile/TYAN-TIGER-MP i386 >Description: Bootpd ignores request packets when bp_sname is filled with blanks. Even if that may be in violation of some RFC it should assume the bp_sname is unset and thus answer the request. >How-To-Repeat: Send a bootp packet while bootpd is running with -d option. It should display something like: bootpd: info(6): bootptab mtime: Tue Jun 21 18:18:58 2005 bootpd: info(6): reading "/etc/bootptab" bootpd: info(6): read 2 entries (2 hosts) from "/etc/bootptab" bootpd: info(6): recvd pkt from IP addr 0.0.0.0 bootpd: info(6): bootptab mtime: Tue Jun 21 18:18:58 2005 bootpd: info(6): ignoring request for server from client at Ethernet address 08:00:3E:26:4B:EA There are at least some Openfirmwares around that send a bp_sname filled with blanks. >Fix: Apply the following patch to bootpd.c RCS file: /usr/src.cvs/src/libexec/bootpd/bootpd.c,v retrieving revision 1.22 diff -u -r1.22 bootpd.c --- bootpd.c 13 Feb 2004 09:26:54 -0000 1.22 +++ bootpd.c 21 Jun 2005 16:49:27 -0000 @@ -643,6 +643,7 @@ * If we're not being addressed, ignore this request. * If the server name field is null, throw in our name. */ + if (bp->bp_sname[0] == ' ') bp->bp_sname[0] = '\0'; if (strlen(bp->bp_sname)) { if (strcmp(bp->bp_sname, hostname)) { if (debug) I haven't investigated whether the bp_sname should be null terminated at all, but I assume it should as the rest of the code relies on it. Otherwise a loop like the following could be a better idea (not tested!): for (n = sizeof(bp->bp_sname) - 1; n >= 0 && bp->bp_sname[n] == ' '; --n) bp->bp_sname[n] = '\0'; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506211715.j5LHFPbe056972>