| Summary: | UDHCP server has a bug | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | NieJun <yhniejun> |
| Component: | Networking | Assignee: | unassigned |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | busybox-cvs |
| Priority: | P5 | ||
| Version: | 1.16.x | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
> The udhcpd has a bug of getting dhcp client's hostname. For example, My > hostname is 'niejun', bug the udhcpd get the hostname is 'nieju'. And I find > the '/var/lib/misc/udhcpd.leases' file also has the hostname 'nieju'. > > The leater, I see the source of udhcpd. I find in the file > "networking/udhcp/leases.c", at line 69, > p = safe_strncpy(oldest->hostname, hostname, hostname_len); Yes, the bug is here. > The function of 'safe_strncpy' has a bug. No. It meant to ensure the result is NUL-terminated. > Such as: > char* FAST_FUNC safe_strncpy(char *dst, const char *src, size_t size) > { > if (!size) return dst; > dst[size-1] = '\0'; > return strncpy(dst, src, size); > } This will make it the same as strncpy. What's the point? Fix is at http://busybox.net/downloads/fixes-1.16.1/busybox-1.16.1-dhcpd.patch |
The udhcpd has a bug of getting dhcp client's hostname. For example, My hostname is 'niejun', bug the udhcpd get the hostname is 'nieju'. And I find the '/var/lib/misc/udhcpd.leases' file also has the hostname 'nieju'. The leater, I see the source of udhcpd. I find in the file "networking/udhcp/leases.c", at line 69, p = safe_strncpy(oldest->hostname, hostname, hostname_len); The function of 'safe_strncpy' has a bug. char* FAST_FUNC safe_strncpy(char *dst, const char *src, size_t size) { if (!size) return dst; dst[--size] = '\0'; return strncpy(dst, src, size); } Such as: char* FAST_FUNC safe_strncpy(char *dst, const char *src, size_t size) { if (!size) return dst; dst[size-1] = '\0'; return strncpy(dst, src, size); }