aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2011-12-08 16:41:05 +0100
committerDenys Vlasenko <vda.linux@googlemail.com>2011-12-08 16:41:05 +0100
commit7280d2017d8075267a12e469983e38277dcf0374 (patch)
tree3a6bd5c562b04dfadeb72ba7f599db66026977f1
parent53782d9221c854be057edfc4e847ea13717dfece (diff)
downloadbusybox-w32-7280d2017d8075267a12e469983e38277dcf0374.tar.gz
busybox-w32-7280d2017d8075267a12e469983e38277dcf0374.tar.bz2
busybox-w32-7280d2017d8075267a12e469983e38277dcf0374.zip
udhcpc: sanitize hostnames in incoming packets. Closes 3979.
The following options are replaced with string "bad" if they contain malformed hostname: HOST_NAME, DOMAIN_NAME, NIS_DOMAIN, TFTP_SERVER_NAME function old new delta xmalloc_optname_optval 850 888 +38 attach_option 440 443 +3 len_of_option_as_string 13 14 +1 dhcp_option_lengths 13 14 +1 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 4/0 up/down: 43/0) Total: 43 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat
-rw-r--r--networking/udhcp/common.c14
-rw-r--r--networking/udhcp/common.h3
-rw-r--r--networking/udhcp/dhcpc.c61
3 files changed, 73 insertions, 5 deletions
diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
index a89dce3ae..cf6b1ca91 100644
--- a/networking/udhcp/common.c
+++ b/networking/udhcp/common.c
@@ -29,9 +29,9 @@ const struct dhcp_optflag dhcp_optflags[] = {
29// { OPTION_IP | OPTION_LIST , 0x07 }, /* DHCP_LOG_SERVER */ 29// { OPTION_IP | OPTION_LIST , 0x07 }, /* DHCP_LOG_SERVER */
30// { OPTION_IP | OPTION_LIST , 0x08 }, /* DHCP_COOKIE_SERVER */ 30// { OPTION_IP | OPTION_LIST , 0x08 }, /* DHCP_COOKIE_SERVER */
31 { OPTION_IP | OPTION_LIST , 0x09 }, /* DHCP_LPR_SERVER */ 31 { OPTION_IP | OPTION_LIST , 0x09 }, /* DHCP_LPR_SERVER */
32 { OPTION_STRING | OPTION_REQ, 0x0c }, /* DHCP_HOST_NAME */ 32 { OPTION_STRING_HOST | OPTION_REQ, 0x0c }, /* DHCP_HOST_NAME */
33 { OPTION_U16 , 0x0d }, /* DHCP_BOOT_SIZE */ 33 { OPTION_U16 , 0x0d }, /* DHCP_BOOT_SIZE */
34 { OPTION_STRING | OPTION_REQ, 0x0f }, /* DHCP_DOMAIN_NAME */ 34 { OPTION_STRING_HOST | OPTION_REQ, 0x0f }, /* DHCP_DOMAIN_NAME */
35 { OPTION_IP , 0x10 }, /* DHCP_SWAP_SERVER */ 35 { OPTION_IP , 0x10 }, /* DHCP_SWAP_SERVER */
36 { OPTION_STRING , 0x11 }, /* DHCP_ROOT_PATH */ 36 { OPTION_STRING , 0x11 }, /* DHCP_ROOT_PATH */
37 { OPTION_U8 , 0x17 }, /* DHCP_IP_TTL */ 37 { OPTION_U8 , 0x17 }, /* DHCP_IP_TTL */
@@ -41,7 +41,7 @@ const struct dhcp_optflag dhcp_optflags[] = {
41//server would let us know anyway? 41//server would let us know anyway?
42 { OPTION_IP | OPTION_REQ, 0x1c }, /* DHCP_BROADCAST */ 42 { OPTION_IP | OPTION_REQ, 0x1c }, /* DHCP_BROADCAST */
43 { OPTION_IP_PAIR | OPTION_LIST , 0x21 }, /* DHCP_ROUTES */ 43 { OPTION_IP_PAIR | OPTION_LIST , 0x21 }, /* DHCP_ROUTES */
44 { OPTION_STRING , 0x28 }, /* DHCP_NIS_DOMAIN */ 44 { OPTION_STRING_HOST , 0x28 }, /* DHCP_NIS_DOMAIN */
45 { OPTION_IP | OPTION_LIST , 0x29 }, /* DHCP_NIS_SERVER */ 45 { OPTION_IP | OPTION_LIST , 0x29 }, /* DHCP_NIS_SERVER */
46 { OPTION_IP | OPTION_LIST | OPTION_REQ, 0x2a }, /* DHCP_NTP_SERVER */ 46 { OPTION_IP | OPTION_LIST | OPTION_REQ, 0x2a }, /* DHCP_NTP_SERVER */
47 { OPTION_IP | OPTION_LIST , 0x2c }, /* DHCP_WINS_SERVER */ 47 { OPTION_IP | OPTION_LIST , 0x2c }, /* DHCP_WINS_SERVER */
@@ -49,7 +49,7 @@ const struct dhcp_optflag dhcp_optflags[] = {
49 { OPTION_IP , 0x36 }, /* DHCP_SERVER_ID */ 49 { OPTION_IP , 0x36 }, /* DHCP_SERVER_ID */
50 { OPTION_STRING , 0x38 }, /* DHCP_ERR_MESSAGE */ 50 { OPTION_STRING , 0x38 }, /* DHCP_ERR_MESSAGE */
51//TODO: must be combined with 'sname' and 'file' handling: 51//TODO: must be combined with 'sname' and 'file' handling:
52 { OPTION_STRING , 0x42 }, /* DHCP_TFTP_SERVER_NAME */ 52 { OPTION_STRING_HOST , 0x42 }, /* DHCP_TFTP_SERVER_NAME */
53 { OPTION_STRING , 0x43 }, /* DHCP_BOOT_FILE */ 53 { OPTION_STRING , 0x43 }, /* DHCP_BOOT_FILE */
54//TODO: not a string, but a set of LASCII strings: 54//TODO: not a string, but a set of LASCII strings:
55// { OPTION_STRING , 0x4D }, /* DHCP_USER_CLASS */ 55// { OPTION_STRING , 0x4D }, /* DHCP_USER_CLASS */
@@ -148,6 +148,7 @@ const uint8_t dhcp_option_lengths[] ALIGN1 = {
148 [OPTION_IP_PAIR] = 8, 148 [OPTION_IP_PAIR] = 8,
149// [OPTION_BOOLEAN] = 1, 149// [OPTION_BOOLEAN] = 1,
150 [OPTION_STRING] = 1, /* ignored by udhcp_str2optset */ 150 [OPTION_STRING] = 1, /* ignored by udhcp_str2optset */
151 [OPTION_STRING_HOST] = 1, /* ignored by udhcp_str2optset */
151#if ENABLE_FEATURE_UDHCP_RFC3397 152#if ENABLE_FEATURE_UDHCP_RFC3397
152 [OPTION_DNS_STRING] = 1, /* ignored by both udhcp_str2optset and xmalloc_optname_optval */ 153 [OPTION_DNS_STRING] = 1, /* ignored by both udhcp_str2optset and xmalloc_optname_optval */
153 [OPTION_SIP_SERVERS] = 1, 154 [OPTION_SIP_SERVERS] = 1,
@@ -417,7 +418,9 @@ static NOINLINE void attach_option(
417 /* actually 255 is ok too, but adding a space can overlow it */ 418 /* actually 255 is ok too, but adding a space can overlow it */
418 419
419 existing->data = xrealloc(existing->data, OPT_DATA + 1 + old_len + length); 420 existing->data = xrealloc(existing->data, OPT_DATA + 1 + old_len + length);
420 if ((optflag->flags & OPTION_TYPE_MASK) == OPTION_STRING) { 421 if ((optflag->flags & OPTION_TYPE_MASK) == OPTION_STRING
422 || (optflag->flags & OPTION_TYPE_MASK) == OPTION_STRING_HOST
423 ) {
421 /* add space separator between STRING options in a list */ 424 /* add space separator between STRING options in a list */
422 existing->data[OPT_DATA + old_len] = ' '; 425 existing->data[OPT_DATA + old_len] = ' ';
423 old_len++; 426 old_len++;
@@ -481,6 +484,7 @@ int FAST_FUNC udhcp_str2optset(const char *const_str, void *arg)
481 retval = udhcp_str2nip(val, buffer + 4); 484 retval = udhcp_str2nip(val, buffer + 4);
482 break; 485 break;
483 case OPTION_STRING: 486 case OPTION_STRING:
487 case OPTION_STRING_HOST:
484#if ENABLE_FEATURE_UDHCP_RFC3397 488#if ENABLE_FEATURE_UDHCP_RFC3397
485 case OPTION_DNS_STRING: 489 case OPTION_DNS_STRING:
486#endif 490#endif
diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h
index 479ae49f3..cfd58679a 100644
--- a/networking/udhcp/common.h
+++ b/networking/udhcp/common.h
@@ -80,6 +80,9 @@ enum {
80 OPTION_IP = 1, 80 OPTION_IP = 1,
81 OPTION_IP_PAIR, 81 OPTION_IP_PAIR,
82 OPTION_STRING, 82 OPTION_STRING,
83 /* Opts of STRING_HOST type will be sanitized before they are passed
84 * to udhcpc script's environment: */
85 OPTION_STRING_HOST,
83// OPTION_BOOLEAN, 86// OPTION_BOOLEAN,
84 OPTION_U8, 87 OPTION_U8,
85 OPTION_U16, 88 OPTION_U16,
diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
index 945600c6b..2f2016cd5 100644
--- a/networking/udhcp/dhcpc.c
+++ b/networking/udhcp/dhcpc.c
@@ -135,6 +135,63 @@ static int mton(uint32_t mask)
135 return i; 135 return i;
136} 136}
137 137
138/* Check if a given label represents a valid DNS label
139 * Return pointer to the first character after the label upon success,
140 * NULL otherwise.
141 * See RFC1035, 2.3.1
142 */
143/* We don't need to be particularly anal. For example, allowing _, hyphen
144 * at the end, or leading and trailing dots would be ok, since it
145 * can't be used for attacks. (Leading hyphen can be, if someone uses
146 * cmd "$hostname"
147 * in the script: then hostname may be treated as an option)
148 */
149static const char *valid_domain_label(const char *label)
150{
151 unsigned char ch;
152 unsigned pos = 0;
153
154 for (;;) {
155 ch = *label;
156 if ((ch|0x20) < 'a' || (ch|0x20) > 'z') {
157 if (pos == 0) {
158 /* label must begin with letter */
159 return NULL;
160 }
161 if (ch < '0' || ch > '9') {
162 if (ch == '\0' || ch == '.')
163 return label;
164 /* DNS allows only '-', but we are more permissive */
165 if (ch != '-' && ch != '_')
166 return NULL;
167 }
168 }
169 label++;
170 pos++;
171 //Do we want this?
172 //if (pos > 63) /* NS_MAXLABEL; labels must be 63 chars or less */
173 // return NULL;
174 }
175}
176
177/* Check if a given name represents a valid DNS name */
178/* See RFC1035, 2.3.1 */
179static int good_hostname(const char *name)
180{
181 //const char *start = name;
182
183 for (;;) {
184 name = valid_domain_label(name);
185 if (!name)
186 return 0;
187 if (!name[0])
188 return 1;
189 //Do we want this?
190 //return ((name - start) < 1025); /* NS_MAXDNAME */
191 name++;
192 }
193}
194
138/* Create "opt_name=opt_value" string */ 195/* Create "opt_name=opt_value" string */
139static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_optflag *optflag, const char *opt_name) 196static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_optflag *optflag, const char *opt_name)
140{ 197{
@@ -187,8 +244,11 @@ static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_
187 * the case of list of options. 244 * the case of list of options.
188 */ 245 */
189 case OPTION_STRING: 246 case OPTION_STRING:
247 case OPTION_STRING_HOST:
190 memcpy(dest, option, len); 248 memcpy(dest, option, len);
191 dest[len] = '\0'; 249 dest[len] = '\0';
250 if (type == OPTION_STRING_HOST && !good_hostname(dest))
251 safe_strncpy(dest, "bad", len);
192 return ret; 252 return ret;
193 case OPTION_STATIC_ROUTES: { 253 case OPTION_STATIC_ROUTES: {
194 /* Option binary format: 254 /* Option binary format:
@@ -368,6 +428,7 @@ static char **fill_envp(struct dhcp_packet *packet)
368 /* +1 element for each option, +2 for subnet option: */ 428 /* +1 element for each option, +2 for subnet option: */
369 if (packet) { 429 if (packet) {
370 /* note: do not search for "pad" (0) and "end" (255) options */ 430 /* note: do not search for "pad" (0) and "end" (255) options */
431//TODO: change logic to scan packet _once_
371 for (i = 1; i < 255; i++) { 432 for (i = 1; i < 255; i++) {
372 temp = udhcp_get_option(packet, i); 433 temp = udhcp_get_option(packet, i);
373 if (temp) { 434 if (temp) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-13 07:34:03 +0000