Report information
The Basics
Id: 43185
Status: resolved
Worked: 4 hours (240 minutes)
Users: tmark: 4 hours (240 minutes)
Priority: Medium/Medium
Queue:

People
BugTracker
Version Fixed: 4.4.0 4.3.5
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: 4.4.0 4.3.5
Priority: P2 Normal
Severity: S2 Normal
CVSS Score: (no value)
CVE ID: (no value)
Component: DHCP Server
Area: bug

Dates
Created: Thu, 08 Sep 2016 14:30:55 -0400
Updated: Tue, 12 Dec 2017 07:40:59 -0500
Closed: Tue, 20 Sep 2016 14:01:14 -0400




Subject: dhcpd crashes on truncated lease file if lease-id-format hex
Date: Thu, 8 Sep 2016 13:30:50 -0500 (CDT)
To: dhcp-bugs@isc.org
From: "Jay Ford" <jay-ford@uiowa.edu>

I'm hereby reporting a bug in ISC DHCP for IPv4. I'm running version 4.3.4 on Redhat Linux (probably RHEL5 or whatever).

The problem is that dhcpd crashes while trying to read a truncated lease file (due to a system crash), but only if "lease-id-format hex" is set. If I get rid of that, dhcpd is able to deal with the lease file without crashing. Basically, the dhcpd lease file handling seems more fragile with "lease-id-format hex" than without.

There are 5 lease files with names like dhcpd.leases.1472311428, apparently generated by dhcpd. The last 30 lines of that lease file are as follows, except that the last line is partial, without a trailing newline.

____________________tail of lease file____________________
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 78:bd:bc:ab:c9:f8;
  uid 01:78:bd:bc:ab:c9:f8;
  set vendor-class-identifier = "udhcpc1.21.1";
}
lease 128.255.98.157 {
  starts 6 2016/08/27 13:58:34;
  ends 6 2016/08/27 17:58:34;
  tstp 6 2016/08/27 17:58:34;
  cltt 6 2016/08/27 13:58:34;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 18:03:73:25:ab:0e;
  uid 01:18:03:73:25:ab:0e;
  set vendor-class-identifier = "MSFT 5.0";
  client-hostname "ATHL0631";
}
lease 128.255.98.14 {
  starts 6 2016/08/27 14:10:09;
  ends 6 2016/08/27 18:10:09;
  tstp 6 2016/08/27 18:10:09;
  cltt 6 2016/08/27 14:10:09;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:90:7f:a2:6a:e8;
  uid 52:6f:61:64:57:69:66:69;
__________________________________________________________

Let me know if you want the whole lease file or any part of the other 4.

One other thing which might be pertinent is that dhcpd was built with compile time option "--enable-binary-leases". I say that because it was a recent change, but I haven't tried rebuilding without that option to see if it behaves any differently.

Let me know what else you need, such as the dhcpd config file.

________________________________________________________________________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-ford@uiowa.edu, phone: 319-335-5555, fax: 319-335-2951

Hi Jay:

I found your problem and have attached a patch to fix it. There's a bug in the hex output code which shortchanges the allocated buffer size by 1. Sort of surprising that it doesn't fall over more often.

I've attached the patch for you to try out. This will be in 4.3.5 and 4.1-ESV-R14 finals due out at the end of this month.

Let me know if this fixes the issue for you.

Sincerely,

Thomas Markwalder
ISC Software Engineering

Subject: 43185.diff

Message body not shown because it is not plain text.
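
The sizing rule behind an off-by-one of the kind described in the reply above, as an added example (not ISC's code and not the attached patch; the function names are hypothetical). It assumes the colon-separated hex form seen in the lease file's uid lines: n octets need 3n bytes including the terminating NUL, and the formatter refuses a buffer that is one byte short instead of writing past it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed to render len octets as "aa:bb:cc" plus the terminating NUL:
 * 2 hex digits per octet + (len - 1) separators + 1 NUL = 3 * len.
 * An empty input still needs 1 byte for the NUL. */
size_t hex_colon_size(size_t len)
{
    return len == 0 ? 1 : 3 * len;
}

/* Hypothetical helper: writes the rendering into out and returns the string
 * length, or -1 if the arguments are unusable or outsz is too small. */
int hex_colon_format(const unsigned char *in, size_t len, char *out, size_t outsz)
{
    static const char digits[] = "0123456789abcdef";
    size_t pos = 0;

    if (out == NULL || (in == NULL && len > 0) || outsz < hex_colon_size(len))
        return -1;
    for (size_t i = 0; i < len; i++) {
        if (i > 0)
            out[pos++] = ':';
        out[pos++] = digits[in[i] >> 4];
        out[pos++] = digits[in[i] & 0x0f];
    }
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    /* Octets of the last uid in the reported lease file tail. */
    const unsigned char uid[] = { 0x52, 0x6f, 0x61, 0x64, 0x57, 0x69, 0x66, 0x69 };
    char ok[24];    /* 3 * 8: exactly enough */
    char small[23]; /* one byte short: no room for the NUL */

    printf("need %zu bytes\n", hex_colon_size(sizeof uid));
    if (hex_colon_format(uid, sizeof uid, ok, sizeof ok) > 0)
        printf("%s\n", ok);
    if (hex_colon_format(uid, sizeof uid, small, sizeof small) < 0)
        printf("refused: buffer one byte short\n");
    return 0;
}
```

A one-byte heap overrun like this often lands in allocator padding and goes unnoticed, so building with AddressSanitizer or running under Valgrind is a more reliable check than waiting for a crash.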

Subject: Re: [ISC-Bugs #43185] dhcpd crashes on truncated lease file if lease-id-format hex
Date: Mon, 12 Sep 2016 12:30:16 -0500 (CDT)
To: "Thomas Markwalder via RT" <dhcp-bugs@isc.org>
From: "Jay Ford" <jay-ford@uiowa.edu>

On Mon, 12 Sep 2016, Thomas Markwalder via RT wrote:
> I found your problem and have attached a patch to fix it. There's a bug in
> the hex output code which shortchanges the allocated buffer size by 1.
> Sort of surprising that it doesn't fall over more often.
>
> I've attached the patch for you to try out. This will be in 4.3.5 and
> 4.1-ESV-R14 finals due out at the end of this month.
>
> Let me know if this fixes the issue for you.

I'll probably wait for 4.3.5 given that's already in beta. We can live without the hex lease until then.

Thanks for the quick response.

________________________________________________________________________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-ford@uiowa.edu, phone: 319-335-5555