From junki@qn-lpr2-98.quicknet.inet.fi Tue Mar  9 07:55:48 1999
Return-Path: <junki@qn-lpr2-98.quicknet.inet.fi>
Received: from qn-lpr2-98.quicknet.inet.fi (qn-lpr2-98.quicknet.inet.fi [194.251.102.98])
	by hub.freebsd.org (Postfix) with ESMTP id A1D3614E6E
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  9 Mar 1999 07:55:41 -0800 (PST)
	(envelope-from junki@qn-lpr2-98.quicknet.inet.fi)
Received: (from junki@localhost)
	by pena.oh5nxo.ampr.org (8.9.3/8.9.1) id RAA01341;
	Tue, 9 Mar 1999 17:48:30 +0200 (EET)
	(envelope-from junki)
Message-Id: <199903091548.RAA01341@pena.oh5nxo.ampr.org>
Date: Tue, 9 Mar 1999 17:48:30 +0200 (EET)
From: Juha Nurmela <junki@qn-lpr2-98.quicknet.inet.fi>
Reply-To: junki@qn-lpr2-98.quicknet.inet.fi
To: FreeBSD-gnats-submit@freebsd.org
Subject: isc-dhcp puts garbage to text options, V2.0b1pl17
X-Send-Pr-Version: 3.2

>Number:         10508
>Category:       bin
>Synopsis:       isc-dhcp puts garbage to text options, V2.0b1pl17
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    obrien
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar  9 08:00:01 PST 1999
>Closed-Date:    Sat Dec 11 17:47:26 PST 1999
>Last-Modified:  Sat Dec 11 17:48:10 PST 1999
>Originator:     Juha Nurmela
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
ACME Inc.
>Environment:
 
     Internet Software Consortium DHCP Client V2.0b1pl17
     Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
     All rights reserved.
 
     FreeBSD
     4.0-CURRENT
     FreeBSD 4.0-CURRENT #131:
     Tue Mar  9 02:51:48 EET 1999
     i386
 
>Description:
 
     isc-dhcp V2.0b1pl17 sometimes messes textual DHCP options.
     In my case, prepending stuff to domain_name-option revealed the bug,
     garbage appeared at the end.
     Options are not C strings, but counted arrays, it seems,
     but strcpy() was used to move the fields.
 
>How-To-Repeat:
 
     In /etc/dhclient.conf:
 
     interface "ep0" {
        prepend domain-name "oh5nxo.ampr.org ";
        prepend domain-name-servers 127.0.0.1;
        script "/etc/dhclient-script";
     }
 
     # dhclient -d -D ep0
 
     /tmp/dcsXXX might now contain garbage at the end of some textual fields,
     or in /etc/resolv.conf.
 
>Fix:
 
     In /usr/src/contrib/isc-dhcp/common/options.c:
 
 
     /* Cycle through the array (or hunk) printing the data. */
     for (i = 0; i < numhunk; i++) {
         for (j = 0; j < numelem; j++) {
             switch (fmtbuf [j]) {
             case 't':
                 if (emit_quotes)
                     *op++ = '"';
 -               strcpy (op, (char *)dp);
 -               op += strlen ((char *)dp);
 +               while (len-- && *dp) /* counted array, but might end in \0 */
 +                   *op++ = *dp++;
                 if (emit_quotes)
                     *op++ = '"';
                 *op = 0;
             break;
 
 
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: steve 
Responsible-Changed-When: Sun Mar 14 19:26:11 PST 1999 
Responsible-Changed-Why:  
Misfiled PR. 
Responsible-Changed-From-To: freebsd-bugs->obrien 
Responsible-Changed-By: obrien 
Responsible-Changed-When: Mon Apr 19 15:31:56 PDT 1999 
Responsible-Changed-Why:  
I guess Im mr. dhcp. 
State-Changed-From-To: open->suspended 
State-Changed-By: obrien 
State-Changed-When: Sun May 2 01:39:50 PDT 1999 
State-Changed-Why:  
I am not really setup to reproduce this problem, and there was not suffient 
documenation of the problem sent for me to fully see the problem.  (ie. 
the script created in /tmp was not sent, or the corrupt /etc/resolv.conf). 

Also, this really an ISC problem.  Please report the bug to them and see 
if they believe this is the proper fix. 
State-Changed-From-To: suspended->closed 
State-Changed-By: obrien 
State-Changed-When: Sat Dec 11 17:47:26 PST 1999 
State-Changed-Why:  
This was fixed in ISC's 2.0 release. 
If you still have a problem, please let me know. 
>Unformatted:
