
Re: RFS: dibbler - a portable DHCPv6 implementation



On Wed, Mar 23, 2005 at 10:48:42PM +0100, spam@klub.com.pl wrote:

> I have prepared Debian packages for Dibbler - an open and portable DHCPv6 
> implementation.  It supports stateful (i.e. IPv6 address granting) as well 
> as stateless (i.e. option granting) autoconfiguration for IPv6. It is 
> one of two Linux DHCPv6 implementations available, but it has numerous 
> advantages over "competition":

> - provides client, server and relay
> - implements base standard as well as numerous extensions
> - provides detailed man pages and 20+ page User's Guide
> - mailing list with rather quick support
> - bug tracking system

> Finally, here's quick justification, why I believe those packages should be 
> part of the Debian: After almost 2 years of development, Dibbler is stable 
> enough to be merged into Debian. Sooner or later, IPv6 will come. Debian 
> should be ready for that.

  Looks good at first glance, but there are a few areas of concern.

  For some reason the author seems to confuse the use of strncpy;
 the following code, for example, is doing exactly the wrong thing:

	strncpy(command,argv[1],strlen(argv[1])+1);

  This leads to buffer overflows in the command line handling of
 each of the binaries:

	 /usr/sbin/dibbler-relay `perl -e 'print "X"x3434'`

	| Dibbler - a portable DHCPv6, version 0.4.0(RELAY)
	...
	...

	Segmentation fault

  These aren't setuid but it is a bit sloppy ..

Steve
--
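
The defect Steve points out is that the copy is bounded by the length of the
source (strlen(argv[1])+1) rather than by the size of the destination buffer,
so strncpy never limits anything. The following is an added example written
for this thread, not code from Dibbler or from the mail: it assumes a
hypothetical fixed-size command buffer of COMMAND_LEN bytes (a constructed
value, not one taken from the Dibbler sources) and shows a helper that
detects, without writing anything, when the source-bounded pattern would
overrun such a buffer, beside a destination-bounded copy that truncates and
always NUL-terminates.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of the fixed command buffer. Constructed for this example; the real
 * buffer size in the Dibbler binaries is not known from the mail. */
#define COMMAND_LEN 256

/* The pattern criticised in the mail, strncpy(dst, src, strlen(src)+1),
 * writes strlen(src)+1 bytes regardless of how big dst is. This helper
 * reports whether that call would run past a dst_size-byte buffer without
 * performing the copy, so it can be exercised safely on oversized input. */
int strncpy_by_source_overruns(size_t dst_size, const char *src)
{
    size_t would_write = strlen(src) + 1;   /* bytes the misuse would write */
    return would_write > dst_size;
}

/* Hardened form: bound the copy by the destination size, always terminate
 * with NUL, and tell the caller whether the argument fit.
 * Returns 1 if src was copied whole, 0 if it was truncated (or dst_size is 0). */
int copy_arg_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t src_len;

    if (dst_size == 0)
        return 0;
    src_len = strlen(src);
    if (src_len >= dst_size) {
        memcpy(dst, src, dst_size - 1);     /* keep room for the terminator */
        dst[dst_size - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, src_len + 1);          /* includes the NUL */
    return 1;
}

/* Builds a constructed argument of n 'X' bytes, mirroring the 3434-byte
 * argument used in the mail's crash report. Caller frees the result. */
char *make_long_arg(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'X', n);
    s[n] = '\0';
    return s;
}

int main(int argc, char **argv)
{
    char command[COMMAND_LEN];
    const char *arg = argc > 1 ? argv[1] : "relay";

    if (strncpy_by_source_overruns(sizeof command, arg))
        printf("strncpy(command, arg, strlen(arg)+1) would overrun the "
               "%zu-byte buffer\n", sizeof command);
    if (!copy_arg_bounded(command, sizeof command, arg))
        printf("argument truncated to %zu bytes\n", strlen(command));
    printf("command = \"%s\"\n", command);
    return 0;
}
```

Run with an argument longer than COMMAND_LEN and the first line reports that
the source-bounded strncpy would have overrun the buffer, while the bounded
copy simply truncates; the return value lets the caller reject over-long
input outright instead of silently truncating, if that is the desired policy.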
