diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2011-12-08 16:41:05 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2011-12-08 16:41:05 +0100 |
| commit | 7280d2017d8075267a12e469983e38277dcf0374 (patch) | |
| tree | 3a6bd5c562b04dfadeb72ba7f599db66026977f1 /networking/udhcp/dhcpc.c | |
| parent | 53782d9221c854be057edfc4e847ea13717dfece (diff) | |
| download | busybox-w32-7280d2017d8075267a12e469983e38277dcf0374.tar.gz busybox-w32-7280d2017d8075267a12e469983e38277dcf0374.tar.bz2 busybox-w32-7280d2017d8075267a12e469983e38277dcf0374.zip | |
udhcpc: sanitize hostnames in incoming packets. Closes 3979.
The following options are replaced with string "bad" if they
contain malformed hostname:
HOST_NAME, DOMAIN_NAME, NIS_DOMAIN, TFTP_SERVER_NAME
function old new delta
xmalloc_optname_optval 850 888 +38
attach_option 440 443 +3
len_of_option_as_string 13 14 +1
dhcp_option_lengths 13 14 +1
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/0 up/down: 43/0) Total: 43 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/udhcp/dhcpc.c')
| -rw-r--r-- | networking/udhcp/dhcpc.c | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c index 945600c6b..2f2016cd5 100644 --- a/networking/udhcp/dhcpc.c +++ b/networking/udhcp/dhcpc.c | |||
| @@ -135,6 +135,63 @@ static int mton(uint32_t mask) | |||
| 135 | return i; | 135 | return i; |
| 136 | } | 136 | } |
| 137 | 137 | ||
| 138 | /* Check if a given label represents a valid DNS label | ||
| 139 | * Return pointer to the first character after the label upon success, | ||
| 140 | * NULL otherwise. | ||
| 141 | * See RFC1035, 2.3.1 | ||
| 142 | */ | ||
| 143 | /* We don't need to be particularly anal. For example, allowing _, hyphen | ||
| 144 | * at the end, or leading and trailing dots would be ok, since it | ||
| 145 | * can't be used for attacks. (Leading hyphen can be, if someone uses | ||
| 146 | * cmd "$hostname" | ||
| 147 | * in the script: then hostname may be treated as an option) | ||
| 148 | */ | ||
| 149 | static const char *valid_domain_label(const char *label) | ||
| 150 | { | ||
| 151 | unsigned char ch; | ||
| 152 | unsigned pos = 0; | ||
| 153 | |||
| 154 | for (;;) { | ||
| 155 | ch = *label; | ||
| 156 | if ((ch|0x20) < 'a' || (ch|0x20) > 'z') { | ||
| 157 | if (pos == 0) { | ||
| 158 | /* label must begin with letter */ | ||
| 159 | return NULL; | ||
| 160 | } | ||
| 161 | if (ch < '0' || ch > '9') { | ||
| 162 | if (ch == '\0' || ch == '.') | ||
| 163 | return label; | ||
| 164 | /* DNS allows only '-', but we are more permissive */ | ||
| 165 | if (ch != '-' && ch != '_') | ||
| 166 | return NULL; | ||
| 167 | } | ||
| 168 | } | ||
| 169 | label++; | ||
| 170 | pos++; | ||
| 171 | //Do we want this? | ||
| 172 | //if (pos > 63) /* NS_MAXLABEL; labels must be 63 chars or less */ | ||
| 173 | // return NULL; | ||
| 174 | } | ||
| 175 | } | ||
| 176 | |||
| 177 | /* Check if a given name represents a valid DNS name */ | ||
| 178 | /* See RFC1035, 2.3.1 */ | ||
| 179 | static int good_hostname(const char *name) | ||
| 180 | { | ||
| 181 | //const char *start = name; | ||
| 182 | |||
| 183 | for (;;) { | ||
| 184 | name = valid_domain_label(name); | ||
| 185 | if (!name) | ||
| 186 | return 0; | ||
| 187 | if (!name[0]) | ||
| 188 | return 1; | ||
| 189 | //Do we want this? | ||
| 190 | //return ((name - start) < 1025); /* NS_MAXDNAME */ | ||
| 191 | name++; | ||
| 192 | } | ||
| 193 | } | ||
| 194 | |||
| 138 | /* Create "opt_name=opt_value" string */ | 195 | /* Create "opt_name=opt_value" string */ |
| 139 | static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_optflag *optflag, const char *opt_name) | 196 | static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_optflag *optflag, const char *opt_name) |
| 140 | { | 197 | { |
| @@ -187,8 +244,11 @@ static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_ | |||
| 187 | * the case of list of options. | 244 | * the case of list of options. |
| 188 | */ | 245 | */ |
| 189 | case OPTION_STRING: | 246 | case OPTION_STRING: |
| 247 | case OPTION_STRING_HOST: | ||
| 190 | memcpy(dest, option, len); | 248 | memcpy(dest, option, len); |
| 191 | dest[len] = '\0'; | 249 | dest[len] = '\0'; |
| 250 | if (type == OPTION_STRING_HOST && !good_hostname(dest)) | ||
| 251 | safe_strncpy(dest, "bad", len); | ||
| 192 | return ret; | 252 | return ret; |
| 193 | case OPTION_STATIC_ROUTES: { | 253 | case OPTION_STATIC_ROUTES: { |
| 194 | /* Option binary format: | 254 | /* Option binary format: |
| @@ -368,6 +428,7 @@ static char **fill_envp(struct dhcp_packet *packet) | |||
| 368 | /* +1 element for each option, +2 for subnet option: */ | 428 | /* +1 element for each option, +2 for subnet option: */ |
| 369 | if (packet) { | 429 | if (packet) { |
| 370 | /* note: do not search for "pad" (0) and "end" (255) options */ | 430 | /* note: do not search for "pad" (0) and "end" (255) options */ |
| 431 | //TODO: change logic to scan packet _once_ | ||
| 371 | for (i = 1; i < 255; i++) { | 432 | for (i = 1; i < 255; i++) { |
| 372 | temp = udhcp_get_option(packet, i); | 433 | temp = udhcp_get_option(packet, i); |
| 373 | if (temp) { | 434 | if (temp) { |