FreeBSD Mail Archives

Date:      Mon, 15 Jun 2009 07:24:16 +0000 (UTC)
From:      Brian Somers <brian@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r194235 - stable/7/sbin/dhclient
Message-ID:  <200906150724.n5F7OHtp082658@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: brian
Date: Mon Jun 15 07:24:16 2009
New Revision: 194235
URL: http://svn.freebsd.org/changeset/base/194235

Log:
  MFC: r193765:
    Fix an off by one error when we limit append/prepend text sizes based on our
    internal buffer sizes.
  
    When we 'append', assume we're appending to text.  Some MS dhcp servers will
    give us a string with the length including the trailing NUL.  when we 'append
    domain-name', we get something like "search x.y\000 z" in resolv.conf :(

Modified:
  stable/7/sbin/dhclient/   (props changed)
  stable/7/sbin/dhclient/dhclient.c

Modified: stable/7/sbin/dhclient/dhclient.c
==============================================================================
--- stable/7/sbin/dhclient/dhclient.c	Mon Jun 15 07:17:55 2009	(r194234)
+++ stable/7/sbin/dhclient/dhclient.c	Mon Jun 15 07:24:16 2009	(r194235)
@@ -1977,7 +1977,7 @@ supersede:
 					len = ip->client->
 					    config->defaults[i].len +
 					    lease->options[i].len;
-					if (len > sizeof(dbuf)) {
+					if (len >= sizeof(dbuf)) {
 						warning("no space to %s %s",
 						    "prepend option",
 						    dhcp_options[i].name);
@@ -1996,24 +1996,34 @@ supersede:
 					dp[len] = '\0';
 					break;
 				case ACTION_APPEND:
+					/*
+					 * When we append, we assume that we're
+					 * appending to text.  Some MS servers
+					 * include a NUL byte at the end of
+					 * the search string provided.
+					 */
 					len = ip->client->
 					    config->defaults[i].len +
 					    lease->options[i].len;
-					if (len > sizeof(dbuf)) {
+					if (len >= sizeof(dbuf)) {
 						warning("no space to %s %s",
 						    "append option",
 						    dhcp_options[i].name);
 						goto supersede;
 					}
-					dp = dbuf;
-					memcpy(dp,
+					memcpy(dbuf,
 						lease->options[i].data,
 						lease->options[i].len);
-					memcpy(dp + lease->options[i].len,
+					for (dp = dbuf + lease->options[i].len;
+					    dp > dbuf; dp--, len--)
+						if (dp[-1] != '\0')
+							break;
+					memcpy(dp,
 						ip->client->
 						config->defaults[i].data,
 						ip->client->
 						config->defaults[i].len);
+					dp = dbuf;
 					dp[len] = '\0';
 				}
 			} else {

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906150724.n5F7OHtp082658>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation