| Age | Commit message (Collapse) | Author |
|---|
|
to make it clearer. Explicitly mention that older
printers may require it to be set to false, as this
has come up on the mailing lists a few times.
Original diff from sthen@.
ok jmc@
|
|
note that this is only part of raf's original diff: the rest is for
code. although i'm sure the diff itself is correct, i don;t judge
myself qualified to decide whether those changes are warranted.
still, i'd appreciate at least a reply to raf's diff from another
developer (yay! nay!)
|
|
ok krw@, tweaks by jmc@
|
|
issue pointed out by miod
ok krw miod
|
|
|
|
|
|
The dhcpinform() function has assumed that ciaddr matches the packet's
IP source address and didn't consider a relay, such as dhcrelay(8) -
indicated by giaddr, has forwarded the request.
Tested by landry@
OK krw@
|
|
hostnames which resolve to muliple ip addresses are all forwarded to
the client;
issue reported by edgar pettijohn;
discussed with dhcpd's de facto maintainer, kenneth westerback;
|
|
|
|
|
|
turned off for those clients and networks that find it impossible to
move past RFC 2131. Modelled on the same statement in recent ISC
versions, though we default to 'on' (a.k.a. RFC 6842) rather that
'off' (a.k.a. RFC 2131).
Problems reported by Bastien Durel (Xerox Phaser 6022 printer) and
Bryan Vyhmeister (Hon Hai Precision router) via misc@. Thanks!
|
|
around for two releases, it should be safe to do so.
ok bluhm deraadt sthen tb yasuoka
|
|
sanity improvements reyk@ recently put into dhcrelay to ensure no more than
the captured packet is processed.
|
|
had it correct. Don't BPF_WORDALIGN() the value for the number of
bytes read() into the buffer. This could theoretically cause the
processing of 1 - 3 more bytes than were read.
|
|
dhclient. Eliminate extra prototypes for checksum() and wrapsum().
|
|
and enums.
|
|
|
|
|
|
its friends.
|
|
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
|
|
placement logic from dhclient.
|
|
Point out that dhcpd(8) -f is an alias for -d.
|
|
log_warn(). Zap a couple of explicit 'syslog()' calls.
|
|
|
|
fatalx() -> fatal() and even a couple of fprintf(stderr) -> log_warn().
|
|
|
|
ok benno@
|
|
with standard daemon log.[ch].
ok mpi@
|
|
tb@ was initially concerned about next-server but there were more
similar occurrences. Simple solution - "hostname" - proposed by jmc@
ok from both
|
|
"Looks good" to deraadt@
|
|
value specified in dhcpd.conf.
i.e. don't assume it is always the primary address of the interface
the packet arrived on.
Fixes issues with redundant dhcpd servers and CARP'd interfaces.
Issue reported and fix tested by Johan Huldtgren
|
|
- Use explicit_bzero(3) instead of bzero(3) to clean temporary HMAC
OK krw@
|
|
inappropriate. Which is why client_identifier_len exists.
Replace copy&pasted strlen() with client_identifier_len.
Symptoms (crash) and cause (bad c&p) spotted by sthen@.
tested & ok sthen@
|
|
RFC 3042 says servers that do not understand the option will not
echo it.
Plus, our desultory attempt at echoing was almost certainly broken
for OFFERs (use after free of packet data) and not even attempted
for NACKs.
ok millert@
|
|
the client-identifier value. RFC 6842 says the server MUST echo it.
Echoing the information disambiguates packets for relays and clients
when chaddr is 0. Similar to what dhcpv6 does.
|
|
uses of very long #define names) to access option data in nak_lease()
and ack_lease().
Shortens a lot of lines, which allows a number of line splits to
be eliminates.
Makes some upcoming diffs easier to integrate.
No intentional functional change.
|
|
|
|
timegm, and tzset
ok deraadt@
|
|
|
|
Diff from Edgar Pettijohn.
|
|
the udp socket.
Found by David Carlier.
ok yasuoka@
|
|
ok deraadt jca
|
|
this will be forbidden. The remaining pledge(2) calls after chroot(2) are still
kept.
OK semarie@ "it is time now"
|
|
missing from udpsock_startup() (udpsock.c) which happens earlier and therefore
would abort the program due to SIOCGIFADDR ioctl(2) on udpsock_handler
Reported by Philip Higgins <phil ! unita.com.au>
OK tb@
|
|
use it once on an array declared iov[1]. Just use '1'.
ok yasuoka@
|
|
ok krw@
|
|
each *.c file.
Inspired by mention of header silliness by Edgar Pettijohn and mmcc@
on tech@.
|
|
fixed part of the IP header is completely present before using its
header length field. Then use the data in the IP header to ensure
the entire IP packet is present. Then check that the entire UDP header
is present. Then use the data in the UDP header to ensure all the
data it thinks is present is actually present.
Started when tj@ and a few others noticed ISC "DHCP CVE-2015-8605:
UDP payload length not properly checked".
ok sthen@ henning@
|
|
|
|
Diff from Ricardo Mestre. Test report from sthen@.
|
