diff options
| author | David Hankins <dhankins@isc.org> | 2006-05-05 20:32:31 +0000 |
|---|---|---|
| committer | David Hankins <dhankins@isc.org> | 2006-05-05 20:32:31 +0000 |
| commit | 3a16098f0b0e1633dc23d76bc84068995fd65f67 (patch) | |
| tree | 4ce7b01deb0032cf90487a6bbf75976118c5c53e | |
| parent | 14baf5cd1adbe429efa804a0d13cee4c07237e84 (diff) | |
| download | isc-dhcp-3a16098f0b0e1633dc23d76bc84068995fd65f67.tar.gz | |
Pulling work between V3-0-4B3 and present v3-release-branch to HEAD.
| -rw-r--r-- | RELNOTES | 42 | ||||
| -rw-r--r-- | client/dhclient.c | 6 | ||||
| -rw-r--r-- | common/dhcp-eval.5 | 4 | ||||
| -rw-r--r-- | common/dhcp-options.5 | 17 | ||||
| -rw-r--r-- | includes/dhcpd.h | 2 | ||||
| -rw-r--r-- | relay/dhcrelay.c | 4 | ||||
| -rw-r--r-- | server/confpars.c | 15 | ||||
| -rw-r--r-- | server/dhcpd.c | 6 | ||||
| -rw-r--r-- | server/dhcpd.conf.5 | 19 | ||||
| -rw-r--r-- | server/mdb.c | 32 |
10 files changed, 114 insertions, 33 deletions
@@ -6,6 +6,9 @@ NEW FEATURES +XXX: Note need for care of ATSFP values when upgrading from 3.0.4+ to +3.1.x. + Version 3 of the ISC DHCP Distribution includes the following features that are new since version 2.0: @@ -43,6 +46,28 @@ Murrell at BC Tel Advanced Communications. I'd like to express my thanks to all of these good people here, both for working on the code and for prodding me into improving it. + Changes since 3.0.4 + +- A warning that host statements declared within subnet or shared-network + scopes are actually global has been added. + +- The default minimum lease time (if min-lease-time was not specified) + was raised from 0 to 300. 0 is not thought to be sensible, and is + known to be damaging. + +- Added additional fatal error sanity checks surrounding lease binding + state count calculations (free/active counts used for failover pool + balancing). + + Changes since 3.0.4rc1 + +- The dhcp-options.5 manpage was updated to correct indentation errors + thanks to a patch from Jean Delvare. + + Changes since 3.0.4b3 + +- Some manual pages were clarified pursuant to discussion on the dhcp-server + mailing list. Changes since 3.0 (New Features) @@ -128,10 +153,19 @@ and for prodding me into improving it. PAD options - it was suppressing only one trailng PAD option, rather than the entire block of them. -- Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent - option addition and stripping code. Added a few sanity checks. - -- Added some sanity checks to OMAPI connection/authentication code. +! Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent + option addition and stripping code. Added a few sanity checks. Although + highly improbable, due to requiring the reception of a DHCP datagram well + in excess of all known to be used physical MTU limitations, it is possible + this may have been used in a stack overflow security vulnerability. Thanks + to a patch from infamous42md. + +! Added some sanity checks to OMAPI connection/authentication code. + Although highly improbable, due to having to deliver in excess of 2^32 + bytes of data via the OMAPI channel, not to mention requiring dhcpd to + be able to malloc() a memory region 2^32 bytes in size, it was possible + this might have resulted in a heap overflow security vulnerability. + Thanks to a patch from infamous42md. - dmalloc() memset()'s the non-debug (data) portion of the allocated memory to zero. Code that memset()'s the result returned by dmalloc() to diff --git a/client/dhclient.c b/client/dhclient.c index e751ce64..3d2aebb3 100644 --- a/client/dhclient.c +++ b/client/dhclient.c @@ -32,7 +32,7 @@ #ifndef lint static char ocopyright[] = -"$Id: dhclient.c,v 1.135 2006/03/27 09:45:47 shane Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n"; +"$Id: dhclient.c,v 1.136 2006/05/05 20:32:30 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n"; #endif /* not lint */ #include "dhcpd.h" @@ -61,10 +61,10 @@ struct in_addr giaddr; assert (state_is == state_shouldbe). */ #define ASSERT_STATE(state_is, state_shouldbe) {} -static char copyright[] = "Copyright 2004-2005 Internet Systems Consortium."; +static char copyright[] = "Copyright 2004-2006 Internet Systems Consortium."; static char arr [] = "All rights reserved."; static char message [] = "Internet Systems Consortium DHCP Client"; -static char url [] = "For info, please visit http://www.isc.org/products/DHCP"; +static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/"; u_int16_t local_port=0; u_int16_t remote_port=0; diff --git a/common/dhcp-eval.5 b/common/dhcp-eval.5 index 61f6fd3b..14c9e650 100644 --- a/common/dhcp-eval.5 +++ b/common/dhcp-eval.5 @@ -1,4 +1,4 @@ -.\" $Id: dhcp-eval.5,v 1.19 2005/03/17 20:14:57 dhankins Exp $ +.\" $Id: dhcp-eval.5,v 1.20 2006/05/05 20:32:30 dhankins Exp $ .\" .\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") .\" Copyright (c) 1996-2003 by Internet Software Consortium @@ -468,7 +468,7 @@ of the record is the leased address, reversed, with ".in-addr.arpa" concatenated. The right hand side is the fully qualified domain name of the client to which the address is being leased. .SH SEE ALSO -dhcpd.conf(5), dhcpd.leases(5), dhclient.conf(5), dhcp-eval(5), dhcpd(8), +dhcpd.conf(5), dhcpd.leases(5), dhclient.conf(5), dhcp-options(5), dhcpd(8), dhclient(8), RFC2132, RFC2131. .SH AUTHOR The Internet Systems Consortium DHCP Distribution was written by Ted diff --git a/common/dhcp-options.5 b/common/dhcp-options.5 index 14b7b48c..777874a9 100644 --- a/common/dhcp-options.5 +++ b/common/dhcp-options.5 @@ -1,6 +1,6 @@ -.\" $Id: dhcp-options.5,v 1.27 2006/04/26 15:13:11 dhankins Exp $ +.\" $Id: dhcp-options.5,v 1.28 2006/05/05 20:32:30 dhankins Exp $ .\" -.\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (c) 2004-2006 by Internet Systems Consortium, Inc. ("ISC") .\" Copyright (c) 1996-2003 by Internet Software Consortium .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -1069,6 +1069,19 @@ and it should generally be assumed to be an opaque object that is administratively guaranteed to be unique to a particular remote end of a circuit. .RE +.PP +.B option \fBagent.DOCSIS-device-class\fR \fIuint32\fR\fB;\fR +.RS 0.25i +.PP +The DOCSIS-device-class suboption is intended to convey information about +the host endpoint, hardware, and software, that either the host operating +system or the DHCP server may not otherwise be aware of (but the relay is +able to distinguish). This is implemented as a 32-bit field (4 octets), +each bit representing a flag describing the host in one of these ways. +So far, only bit zero (being the least significant bit) is defined in +RFC3256. If this bit is set to one, the host is considered a CPE +Controlled Cable Modem (CCCM). All other bits are reserved. +.RE .SH THE CLIENT FQDN SUBOPTIONS The Client FQDN option, currently defined in the Internet Draft draft-ietf-dhc-fqdn-option-00.txt is not a standard yet, but is in diff --git a/includes/dhcpd.h b/includes/dhcpd.h index 3a04ce49..55b9a740 100644 --- a/includes/dhcpd.h +++ b/includes/dhcpd.h @@ -439,7 +439,7 @@ struct lease_state { #endif #if !defined (DEFAULT_MIN_LEASE_TIME) -# define DEFAULT_MIN_LEASE_TIME 0 +# define DEFAULT_MIN_LEASE_TIME 300 #endif #if !defined (DEFAULT_MAX_LEASE_TIME) diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c index 15c0b13e..c85758e2 100644 --- a/relay/dhcrelay.c +++ b/relay/dhcrelay.c @@ -34,7 +34,7 @@ #ifndef lint static char ocopyright[] = -"$Id: dhcrelay.c,v 1.56 2006/03/27 09:45:47 shane Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n"; +"$Id: dhcrelay.c,v 1.57 2006/05/05 20:32:30 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n"; #endif /* not lint */ #include "dhcpd.h" @@ -92,7 +92,7 @@ enum { forward_and_append, /* Forward and append our own relay option. */ u_int16_t local_port; u_int16_t remote_port; -static char copyright [] = "Copyright 2004-2005 Internet Systems Consortium."; +static char copyright [] = "Copyright 2004-2006 Internet Systems Consortium."; static char arr [] = "All rights reserved."; static char message [] = "Internet Systems Consortium DHCP Relay Agent"; static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/"; diff --git a/server/confpars.c b/server/confpars.c index 43a2f5c8..ec2e6891 100644 --- a/server/confpars.c +++ b/server/confpars.c @@ -34,12 +34,13 @@ #ifndef lint static char copyright[] = -"$Id: confpars.c,v 1.151 2006/04/27 17:26:42 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n"; +"$Id: confpars.c,v 1.152 2006/05/05 20:32:30 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n"; #endif /* not lint */ #include "dhcpd.h" static TIME parsed_time; +static unsigned char global_host_once = 1; #if defined (TRACING) trace_type_t *trace_readconf_type; @@ -365,9 +366,17 @@ int parse_statement (cfile, group, type, host_decl, declaration) case HOST: next_token (&val, (unsigned *)0, cfile); - if (type != HOST_DECL && type != CLASS_DECL) + if (type != HOST_DECL && type != CLASS_DECL) { + if (global_host_once && + (type == SUBNET_DECL || type == SHARED_NET_DECL)) { + global_host_once = 0; + log_error("WARNING: Host declarations are " + "global. They are not limited to " + "the scope you declared them in."); + } + parse_host_declaration (cfile, group); - else { + } else { parse_warn (cfile, "host declarations not allowed here."); skip_to_semi (cfile); diff --git a/server/dhcpd.c b/server/dhcpd.c index 6e6e5d8f..eb1c669e 100644 --- a/server/dhcpd.c +++ b/server/dhcpd.c @@ -3,7 +3,7 @@ DHCP Server Daemon. */ /* - * Copyright (c) 2004-2005 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2004-2006 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 1996-2003 by Internet Software Consortium * * Permission to use, copy, modify, and distribute this software for any @@ -34,11 +34,11 @@ #ifndef lint static char ocopyright[] = -"$Id: dhcpd.c,v 1.118 2006/03/27 09:45:47 shane Exp $ Copyright 2004-2005 Internet Systems Consortium."; +"$Id: dhcpd.c,v 1.119 2006/05/05 20:32:30 dhankins Exp $ Copyright 2004-2006 Internet Systems Consortium."; #endif static char copyright[] = -"Copyright 2004-2005 Internet Systems Consortium."; +"Copyright 2004-2006 Internet Systems Consortium."; static char arr [] = "All rights reserved."; static char message [] = "Internet Systems Consortium DHCP Server"; static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/"; diff --git a/server/dhcpd.conf.5 b/server/dhcpd.conf.5 index 5a91d861..c30cb359 100644 --- a/server/dhcpd.conf.5 +++ b/server/dhcpd.conf.5 @@ -28,7 +28,7 @@ .\" see ``http://www.vix.com''. To learn more about Nominum, Inc., see .\" ``http://www.nominum.com''. .\" -.\" $Id: dhcpd.conf.5,v 1.70 2006/02/24 23:16:31 dhankins Exp $ +.\" $Id: dhcpd.conf.5,v 1.71 2006/05/05 20:32:30 dhankins Exp $ .\" .TH dhcpd.conf 5 .SH NAME @@ -2198,6 +2198,23 @@ If no value is set, ping-timeout defaults to 1 second. .RE .PP The +.I remote-port +statement +.RS 0.25i +.PP +.B remote-port \fIport\fB;\fR +.PP +This statement causes the DHCP server to transmit DHCP responses to DHCP +clients upon the UDP port specified in \fIport\fR, rather than on port 68. +In the event that the UDP response is transmitted to a DHCP Relay, the +server generally uses the \fBlocal-port\fR configuration value. Should the +DHCP Relay happen to be addressed as 127.0.0.1, however, the DHCP Server +transmits its response to the \fBremote-port\fR configuration value. This +is generally only useful for testing purposes, and this configuratoin value +should generally not be used. +.RE +.PP +The .I server-identifier statement .RS 0.25i diff --git a/server/mdb.c b/server/mdb.c index 4b65b635..db860b08 100644 --- a/server/mdb.c +++ b/server/mdb.c @@ -34,7 +34,7 @@ #ifndef lint static char copyright[] = -"$Id: mdb.c,v 1.76 2006/04/27 17:26:42 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n"; +"$Id: mdb.c,v 1.77 2006/05/05 20:32:31 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n"; #endif /* not lint */ #include "dhcpd.h" @@ -1101,14 +1101,13 @@ int supersede_lease (comp, lease, commit, propogate, pimmediate) } if (!lp) { - log_error ("Lease with binding state %s not on its queue.", - (comp -> binding_state < 1 || - comp -> binding_state > FTS_LAST) - ? "unknown" - : binding_state_names [comp -> binding_state - 1]); - return 0; + log_fatal("Lease with binding state %s not on its queue.", + (comp->binding_state < 1 || + comp->binding_state > FTS_LAST) + ? "unknown" + : binding_state_names[comp->binding_state - 1]); } - + if (prev) { lease_dereference (&prev -> next, MDL); if (comp -> next) { @@ -2145,10 +2144,19 @@ void expire_all_pools () for (l = *(lptr [i]); l; l = l -> next) { p -> lease_count++; if (l -> ends <= cur_time) { - if (i == FREE_LEASES) - p -> free_leases++; - else if (i == BACKUP_LEASES) - p -> backup_leases++; + if (l->binding_state == FTS_FREE) { + if (i == FREE_LEASES) + p->free_leases++; + else + log_fatal("Impossible case " + "at %s:%d.", MDL); + } else if (l->binding_state == FTS_BACKUP) { + if (i == BACKUP_LEASES) + p->backup_leases++; + else + log_fatal("Impossible case " + "at %s:%d.", MDL); + } } #if defined (FAILOVER_PROTOCOL) if (p -> failover_peer && |