Merge branch 'busybox' into merge

10 files changed, 246 insertions, 262 deletions

diff --git a/networking/brctl.c b/networking/brctl.c
index 25640246d..2f4ac4a87 100644
--- a/networking/brctl.c
+++ b/networking/brctl.c
@@ -107,7 +107,7 @@ static unsigned str_to_jiffies(const char *time_str)
 
 #define filedata bb_common_bufsiz1
 
-#if ENABLE_FEATURE_BRCTL_SHOW
+#if ENABLE_FEATURE_BRCTL_SHOW || ENABLE_FEATURE_BRCTL_FANCY
 static int read_file(const char *name)
 {
         int n = open_read_close(name, filedata, COMMON_BUFSIZE - 1);
@@ -120,7 +120,9 @@ static int read_file(const char *name)
         }
         return n;
 }
+#endif
 
+#if ENABLE_FEATURE_BRCTL_SHOW
 /* NB: we are in /sys/class/net
  */
 static int show_bridge(const char *name, int need_hdr)
@@ -591,6 +593,7 @@ int brctl_main(int argc UNUSED_PARAM, char **argv)
                 return EXIT_SUCCESS;
         }
 
+#if ENABLE_FEATURE_BRCTL_FANCY
         if (key == ARG_showmacs) {
                 show_bridge_macs(br);
                 return EXIT_SUCCESS;
@@ -599,6 +602,7 @@ int brctl_main(int argc UNUSED_PARAM, char **argv)
                 show_bridge_stp(br);
                 return EXIT_SUCCESS;
         }
+#endif
 
         if (!*argv) /* All of the below need at least two arguments */
                 bb_show_usage();
diff --git a/networking/httpd.c b/networking/httpd.c
index eeaa4bec1..5105eedac 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2871,6 +2871,7 @@ int httpd_main(int argc UNUSED_PARAM, char **argv)
 #if !BB_MMU
         if (!(opt & OPT_FOREGROUND)) {
                 bb_daemonize_or_rexec(0, argv); /* don't change current directory */
+                re_execed = 0; /* for the following chdir to work */
         }
 #endif
 #else /* ENABLE_PLATFORM_MINGW32 */
@@ -2878,8 +2879,8 @@ int httpd_main(int argc UNUSED_PARAM, char **argv)
                 mingw_daemonize(argv);
 #endif
 
-        /* Chdir to home (unless we were re-execed for NOMMU case:
-         * we are already in the home dir then).
+        /* Chdir to home (unless we were re_exec()ed for NOMMU case
+         * in mini_httpd_nommu(): we are already in the home dir then).
          */
 #if ENABLE_PLATFORM_MINGW32
         if (!(opt & OPT_INETD))
diff --git a/networking/nc_bloaty.c b/networking/nc_bloaty.c
index 034e03d21..88eda6b28 100644
--- a/networking/nc_bloaty.c
+++ b/networking/nc_bloaty.c
@@ -84,6 +84,7 @@
 //usage:        )
 //usage:     "\n        -n      Don't do DNS resolution"
 //usage:     "\n        -u      UDP mode"
+//usage:     "\n        -b      Allow broadcasts"
 //usage:     "\n        -v      Verbose"
 //usage:        IF_NC_EXTRA(
 //usage:     "\n        -o FILE Hex dump traffic"
@@ -171,17 +172,19 @@ enum {
         OPT_p = (1 << 1),
         OPT_s = (1 << 2),
         OPT_u = (1 << 3),
-        OPT_v = (1 << 4),
-        OPT_w = (1 << 5),
-        OPT_l = (1 << 6) * ENABLE_NC_SERVER,
-        OPT_k = (1 << 7) * ENABLE_NC_SERVER,
-        OPT_i = (1 << (6+2*ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
-        OPT_o = (1 << (7+2*ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
-        OPT_z = (1 << (8+2*ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
+        OPT_b = (1 << 4),
+        OPT_v = (1 << 5),
+        OPT_w = (1 << 6),
+        OPT_l = (1 << 7) * ENABLE_NC_SERVER,
+        OPT_k = (1 << 8) * ENABLE_NC_SERVER,
+        OPT_i = (1 << (7+2*ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
+        OPT_o = (1 << (8+2*ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
+        OPT_z = (1 << (9+2*ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
 };
 
 #define o_nflag   (option_mask32 & OPT_n)
 #define o_udpmode (option_mask32 & OPT_u)
+#define o_bcmode  (option_mask32 & OPT_b)
 #if ENABLE_NC_EXTRA
 #define o_ofile   (option_mask32 & OPT_o)
 #define o_zero    (option_mask32 & OPT_z)
@@ -788,7 +791,7 @@ int nc_main(int argc UNUSED_PARAM, char **argv)
 
         // -g -G -t -r deleted, unimplemented -a deleted too
         getopt32(argv, "^"
-                "np:s:uvw:+"/* -w N */ IF_NC_SERVER("lk")
+                "np:s:ubvw:+"/* -w N */ IF_NC_SERVER("lk")
                 IF_NC_EXTRA("i:o:z")
                         "\0"
                         "?2:vv"IF_NC_SERVER(":ll"), /* max 2 params; -v and -l are counters */
@@ -851,8 +854,11 @@ int nc_main(int argc UNUSED_PARAM, char **argv)
         }
         xmove_fd(x, netfd);
         setsockopt_reuseaddr(netfd);
-        if (o_udpmode)
+        if (o_udpmode) {
+                if (o_bcmode)
+                        setsockopt_broadcast(netfd);
                 socket_want_pktinfo(netfd);
+        }
         if (!ENABLE_FEATURE_UNIX_LOCAL
          || cnt_l != 0 /* listen */
          || ouraddr->u.sa.sa_family != AF_UNIX
diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
index 9ec752dfc..20d843bab 100644
--- a/networking/udhcp/common.c
+++ b/networking/udhcp/common.c
@@ -15,7 +15,7 @@ const uint8_t MAC_BCAST_ADDR[6] ALIGN2 = {
 };
 
 #if ENABLE_UDHCPC || ENABLE_UDHCPD
-/* Supported options are easily added here.
+/* Supported options are easily added here, they need to be sorted.
  * See RFC2132 for more options.
  * OPTION_REQ: these options are requested by udhcpc (unless -o).
  */
@@ -222,79 +222,91 @@ unsigned FAST_FUNC udhcp_option_idx(const char *name, const char *option_strings
         }
 }
 
-/* Get an option with bounds checking (warning, result is not aligned) */
-uint8_t* FAST_FUNC udhcp_get_option(struct dhcp_packet *packet, int code)
+/* Initialize state to be used between subsequent udhcp_scan_options calls */
+void FAST_FUNC init_scan_state(struct dhcp_packet *packet, struct dhcp_scan_state *scan_state)
+{
+        scan_state->overload = 0;
+        scan_state->rem = sizeof(packet->options);
+        scan_state->optionptr = packet->options;
+}
+
+/* Iterate over packet's options, each call returning the next option.
+ * scan_state needs to be initialized with init_scan_state beforehand.
+ * Warning, result is not aligned. */
+uint8_t* FAST_FUNC udhcp_scan_options(struct dhcp_packet *packet, struct dhcp_scan_state *scan_state)
 {
-        uint8_t *optionptr;
         int len;
-        int rem;
-        int overload = 0;
         enum {
                 FILE_FIELD101  = FILE_FIELD  * 0x101,
                 SNAME_FIELD101 = SNAME_FIELD * 0x101,
         };
 
         /* option bytes: [code][len][data1][data2]..[dataLEN] */
-        optionptr = packet->options;
-        rem = sizeof(packet->options);
         while (1) {
-                if (rem <= 0) {
+                if (scan_state->rem <= 0) {
  complain:
                         bb_simple_error_msg("bad packet, malformed option field");
                         return NULL;
                 }
 
                 /* DHCP_PADDING and DHCP_END have no [len] byte */
-                if (optionptr[OPT_CODE] == DHCP_PADDING) {
-                        rem--;
-                        optionptr++;
+                if (scan_state->optionptr[OPT_CODE] == DHCP_PADDING) {
+                        scan_state->rem--;
+                        scan_state->optionptr++;
                         continue;
                 }
-                if (optionptr[OPT_CODE] == DHCP_END) {
-                        if ((overload & FILE_FIELD101) == FILE_FIELD) {
+                if (scan_state->optionptr[OPT_CODE] == DHCP_END) {
+                        if ((scan_state->overload & FILE_FIELD101) == FILE_FIELD) {
                                 /* can use packet->file, and didn't look at it yet */
-                                overload |= FILE_FIELD101; /* "we looked at it" */
-                                optionptr = packet->file;
-                                rem = sizeof(packet->file);
+                                scan_state->overload |= FILE_FIELD101; /* "we looked at it" */
+                                scan_state->optionptr = packet->file;
+                                scan_state->rem = sizeof(packet->file);
                                 continue;
                         }
-                        if ((overload & SNAME_FIELD101) == SNAME_FIELD) {
+                        if ((scan_state->overload & SNAME_FIELD101) == SNAME_FIELD) {
                                 /* can use packet->sname, and didn't look at it yet */
-                                overload |= SNAME_FIELD101; /* "we looked at it" */
-                                optionptr = packet->sname;
-                                rem = sizeof(packet->sname);
+                                scan_state->overload |= SNAME_FIELD101; /* "we looked at it" */
+                                scan_state->optionptr = packet->sname;
+                                scan_state->rem = sizeof(packet->sname);
                                 continue;
                         }
                         break;
                 }
 
-                if (rem <= OPT_LEN)
+                if (scan_state->rem <= OPT_LEN)
                         goto complain; /* complain and return NULL */
-                len = 2 + optionptr[OPT_LEN];
-                rem -= len;
-                if (rem < 0)
+                len = 2 + scan_state->optionptr[OPT_LEN];
+                scan_state->rem -= len;
+                /* So far no valid option with length 0 known. */
+                if (scan_state->rem < 0 || scan_state->optionptr[OPT_LEN] == 0)
                         goto complain; /* complain and return NULL */
 
-                if (optionptr[OPT_CODE] == code) {
-                        if (optionptr[OPT_LEN] == 0) {
-                                /* So far no valid option with length 0 known.
-                                 * Having this check means that searching
-                                 * for DHCP_MESSAGE_TYPE need not worry
-                                 * that returned pointer might be unsafe
-                                 * to dereference.
-                                 */
-                                goto complain; /* complain and return NULL */
-                        }
-                        log_option("option found", optionptr);
-                        return optionptr + OPT_DATA;
+                if (scan_state->optionptr[OPT_CODE] == DHCP_OPTION_OVERLOAD) {
+                        if (len >= 3)
+                                scan_state->overload |= scan_state->optionptr[OPT_DATA];
+                } else {
+                        uint8_t *return_ptr = scan_state->optionptr;
+                        scan_state->optionptr += len;
+                        return return_ptr;
                 }
+                scan_state->optionptr += len;
+        }
 
-                if (optionptr[OPT_CODE] == DHCP_OPTION_OVERLOAD) {
-                        if (len >= 3)
-                                overload |= optionptr[OPT_DATA];
-                        /* fall through */
+        return NULL;
+}
+
+/* Get an option with bounds checking (warning, result is not aligned) */
+uint8_t* FAST_FUNC udhcp_get_option(struct dhcp_packet *packet, int code)
+{
+        uint8_t *optptr;
+        struct dhcp_scan_state scan_state;
+
+        init_scan_state(packet, &scan_state);
+        while ((optptr = udhcp_scan_options(packet, &scan_state)) != NULL) {
+                if (optptr[OPT_CODE] == code) {
+                        log_option("option found", optptr);
+                        return optptr + OPT_DATA;
                 }
-                optionptr += len;
         }
 
         /* log3 because udhcpc uses it a lot - very noisy */
@@ -431,7 +443,7 @@ static NOINLINE void attach_option(
 #if ENABLE_FEATURE_UDHCP_RFC3397
         if ((optflag->flags & OPTION_TYPE_MASK) == OPTION_DNS_STRING) {
                 /* reuse buffer and length for RFC1035-formatted string */
-                allocated = buffer = (char *)dname_enc(NULL, 0, buffer, &length);
+                allocated = buffer = (char *)dname_enc(/*NULL, 0,*/ buffer, &length);
         }
 #endif
 
diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h
index 60255eefa..81c1dcbdc 100644
--- a/networking/udhcp/common.h
+++ b/networking/udhcp/common.h
@@ -78,7 +78,7 @@ struct BUG_bad_sizeof_struct_ip_udp_dhcp_packet {
 /*** Options ***/
 
 enum {
-        OPTION_IP = 1,
+        OPTION_IP = 0,
         OPTION_IP_PAIR,
         OPTION_STRING,
         /* Opts of STRING_HOST type will be sanitized before they are passed
@@ -107,6 +107,12 @@ enum {
         OPTION_LIST = 0x20,
 };
 
+struct dhcp_scan_state {
+        int overload;
+        int rem;
+        uint8_t *optionptr;
+};
+
 /* DHCP option codes (partial list). See RFC 2132 and
  * http://www.iana.org/assignments/bootp-dhcp-parameters/
  * Commented out options are handled by common option machinery,
@@ -206,6 +212,8 @@ extern const uint8_t dhcp_option_lengths[] ALIGN1;
 
 unsigned FAST_FUNC udhcp_option_idx(const char *name, const char *option_strings);
 
+void init_scan_state(struct dhcp_packet *packet, struct dhcp_scan_state *scan_state) FAST_FUNC;
+uint8_t *udhcp_scan_options(struct dhcp_packet *packet, struct dhcp_scan_state *scan_state) FAST_FUNC;
 uint8_t *udhcp_get_option(struct dhcp_packet *packet, int code) FAST_FUNC;
 /* Same as above + ensures that option length is 4 bytes
  * (returns NULL if size is different)
@@ -218,7 +226,7 @@ void udhcp_add_simple_option(struct dhcp_packet *packet, uint8_t code, uint32_t
 #endif
 #if ENABLE_FEATURE_UDHCP_RFC3397 || ENABLE_FEATURE_UDHCPC6_RFC3646 || ENABLE_FEATURE_UDHCPC6_RFC4704
 char *dname_dec(const uint8_t *cstr, int clen, const char *pre) FAST_FUNC;
-uint8_t *dname_enc(const uint8_t *cstr, int clen, const char *src, int *retlen) FAST_FUNC;
+uint8_t *dname_enc(/*const uint8_t *cstr, int clen,*/ const char *src, int *retlen) FAST_FUNC;
 #endif
 struct option_set *udhcp_find_option(struct option_set *opt_list, uint8_t code) FAST_FUNC;
 
diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c
index 85c410a7c..fc2d672b7 100644
--- a/networking/udhcp/d6_dhcpc.c
+++ b/networking/udhcp/d6_dhcpc.c
@@ -553,11 +553,15 @@ static int d6_mcast_from_client_data_ifindex(struct d6_packet *packet, uint8_t *
                 0xFF, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02,
         };
+        /* IPv6 requires different multicast contents in Ethernet Frame (RFC 2464) */
+        static const uint8_t MAC_DHCP6MCAST_ADDR[6] ALIGN2 = {
+                0x33, 0x33, 0x00, 0x01, 0x00, 0x02,
+        };
 
         return d6_send_raw_packet(
                 packet, (end - (uint8_t*) packet),
                 /*src*/ &client6_data.ll_ip6, CLIENT_PORT6,
-                /*dst*/ (struct in6_addr*)FF02__1_2, SERVER_PORT6, MAC_BCAST_ADDR,
+                /*dst*/ (struct in6_addr*)FF02__1_2, SERVER_PORT6, MAC_DHCP6MCAST_ADDR,
                 client_data.ifindex
         );
 }
diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
index 5a1f8fd7a..50dfead63 100644
--- a/networking/udhcp/dhcpc.c
+++ b/networking/udhcp/dhcpc.c
@@ -159,61 +159,27 @@ static int mton(uint32_t mask)
 }
 
 #if ENABLE_FEATURE_UDHCPC_SANITIZEOPT
-/* Check if a given label represents a valid DNS label
- * Return pointer to the first character after the label
- * (NUL or dot) upon success, NULL otherwise.
- * See RFC1035, 2.3.1
- */
+/* Check if a given name represents a valid DNS name */
+/* See RFC1035, 2.3.1 */
 /* We don't need to be particularly anal. For example, allowing _, hyphen
  * at the end, or leading and trailing dots would be ok, since it
- * can't be used for attacks. (Leading hyphen can be, if someone uses
- * cmd "$hostname"
+ * can't be used for attacks. (Leading hyphen can be, if someone uses cmd "$hostname"
  * in the script: then hostname may be treated as an option)
  */
-static const char *valid_domain_label(const char *label)
-{
-        unsigned char ch;
-        //unsigned pos = 0;
-
-        if (label[0] == '-')
-                return NULL;
-        for (;;) {
-                ch = *label;
-                if ((ch|0x20) < 'a' || (ch|0x20) > 'z') {
-                        if (ch < '0' || ch > '9') {
-                                if (ch == '\0' || ch == '.')
-                                        return label;
-                                /* DNS allows only '-', but we are more permissive */
-                                if (ch != '-' && ch != '_')
-                                        return NULL;
-                        }
-                }
-                label++;
-                //pos++;
-                //Do we want this?
-                //if (pos > 63) /* NS_MAXLABEL; labels must be 63 chars or less */
-                //      return NULL;
-        }
-}
-
-/* Check if a given name represents a valid DNS name */
-/* See RFC1035, 2.3.1 */
 static int good_hostname(const char *name)
 {
-        //const char *start = name;
-
-        for (;;) {
-                name = valid_domain_label(name);
-                if (!name)
-                        return 0;
-                if (!name[0])
-                        return 1;
-                        //Do we want this?
-                        //return ((name - start) < 1025); /* NS_MAXDNAME */
-                name++;
-                if (*name == '\0')
-                        return 1; // We allow trailing dot too
+        if (*name == '-') /* Can't start with '-' */
+                return 0;
+
+        while (*name) {
+                unsigned char ch = *name++;
+                if (!isalnum(ch))
+                        /* DNS allows only '-', but we are more permissive */
+                        if (ch != '-' && ch != '_' && ch != '.')
+                                return 0;
+                // TODO: do we want to validate lengths against NS_MAXLABEL and NS_MAXDNAME?
         }
+        return 1;
 }
 #else
 # define good_hostname(name) 1
@@ -242,9 +208,8 @@ static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_
                 case OPTION_IP:
                 case OPTION_IP_PAIR:
                         dest += sprint_nip(dest, "", option);
-                        if (type == OPTION_IP)
-                                break;
-                        dest += sprint_nip(dest, "/", option + 4);
+                        if (type == OPTION_IP_PAIR)
+                                dest += sprint_nip(dest, "/", option + 4);
                         break;
 //              case OPTION_BOOLEAN:
 //                      dest += sprintf(dest, *option ? "yes" : "no");
@@ -346,7 +311,7 @@ static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_
                          * IPv4MaskLen <= 32,
                          * 6rdPrefixLen <= 128,
                          * 6rdPrefixLen + (32 - IPv4MaskLen) <= 128
-                         * (2nd condition need no check - it follows from 1st and 3rd).
+                         * (2nd condition needs no check - it follows from 1st and 3rd).
                          * Else, return envvar with empty value ("optname=")
                          */
                         if (len >= (1 + 1 + 16 + 4)
@@ -360,17 +325,12 @@ static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_
                                 /* 6rdPrefix */
                                 dest += sprint_nip6(dest, /* "", */ option);
                                 option += 16;
-                                len -= 1 + 1 + 16 + 4;
-                                /* "+ 4" above corresponds to the length of IPv4 addr
-                                 * we consume in the loop below */
-                                while (1) {
-                                        /* 6rdBRIPv4Address(es) */
-                                        dest += sprint_nip(dest, " ", option);
-                                        option += 4;
-                                        len -= 4; /* do we have yet another 4+ bytes? */
-                                        if (len < 0)
-                                                break; /* no */
-                                }
+                                len -= 1 + 1 + 16;
+                                *dest++ = ' ';
+                                /* 6rdBRIPv4Address(es), use common IPv4 logic to process them */
+                                type = OPTION_IP;
+                                optlen = 4;
+                                continue;
                         }
 
                         return ret;
@@ -392,23 +352,18 @@ static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_
                          */
                         option++;
                         len--;
+                        if (option[-1] == 1) {
+                                /* use common IPv4 logic to process IP addrs */
+                                type = OPTION_IP;
+                                optlen = 4;
+                                continue;
+                        }
                         if (option[-1] == 0) {
                                 dest = dname_dec(option, len, ret);
                                 if (dest) {
                                         free(ret);
                                         return dest;
                                 }
-                        } else
-                        if (option[-1] == 1) {
-                                const char *pfx = "";
-                                while (1) {
-                                        len -= 4;
-                                        if (len < 0)
-                                                break;
-                                        dest += sprint_nip(dest, pfx, option);
-                                        pfx = " ";
-                                        option += 4;
-                                }
                         }
                         return ret;
 #endif
@@ -431,59 +386,78 @@ static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_
         return ret;
 }
 
-/* put all the parameters into the environment */
-static char **fill_envp(struct dhcp_packet *packet)
+static void putenvp(llist_t **envp, char *new_opt)
+{
+        putenv(new_opt);
+        log2(" %s", new_opt);
+        llist_add_to(envp, new_opt);
+}
+
+static const char* get_optname(uint8_t code, const struct dhcp_optflag **dh)
 {
-        int envc;
-        int i;
-        char **envp, **curr;
-        const char *opt_name;
-        uint8_t *temp;
-        uint8_t overload = 0;
-
-#define BITMAP unsigned
-#define BBITS (sizeof(BITMAP) * 8)
-#define BMASK(i) (1 << (i & (sizeof(BITMAP) * 8 - 1)))
-#define FOUND_OPTS(i) (found_opts[(unsigned)i / BBITS])
-        BITMAP found_opts[256 / BBITS];
-
-        memset(found_opts, 0, sizeof(found_opts));
-
-        /* We need 7 elements for:
-         * "interface=IFACE"
-         * "ip=N.N.N.N" from packet->yiaddr
-         * "giaddr=IP" from packet->gateway_nip (unless 0)
-         * "siaddr=IP" from packet->siaddr_nip (unless 0)
-         * "boot_file=FILE" from packet->file (unless overloaded)
-         * "sname=SERVER_HOSTNAME" from packet->sname (unless overloaded)
-         * terminating NULL
+        /* Find the option:
+         * dhcp_optflags is sorted so we stop searching when dh->code >= code, which is faster
+         * than iterating over the entire array.
+         * Options which don't have a match in dhcp_option_strings[], e.g DHCP_REQUESTED_IP,
+         * are located after the sorted array, so these entries will never be reached
+         * and they'll count as unknown options.
          */
-        envc = 7;
-        /* +1 element for each option, +2 for subnet option: */
-        if (packet) {
-                /* note: do not search for "pad" (0) and "end" (255) options */
-//TODO: change logic to scan packet _once_
-                for (i = 1; i < 255; i++) {
-                        temp = udhcp_get_option(packet, i);
-                        if (temp) {
-                                if (i == DHCP_OPTION_OVERLOAD)
-                                        overload |= *temp;
-                                else if (i == DHCP_SUBNET)
-                                        envc++; /* for $mask */
-                                envc++;
-                                /*if (i != DHCP_MESSAGE_TYPE)*/
-                                FOUND_OPTS(i) |= BMASK(i);
-                        }
-                }
-        }
-        curr = envp = xzalloc(sizeof(envp[0]) * envc);
+        for (*dh = dhcp_optflags; (*dh)->code && (*dh)->code < code; (*dh)++)
+                    continue;
+
+        if ((*dh)->code == code)
+                return nth_string(dhcp_option_strings, (*dh - dhcp_optflags));
+
+        return NULL;
+}
+
+/* put all the parameters into the environment */
+static llist_t *fill_envp(struct dhcp_packet *packet)
+{
+        uint8_t *optptr;
+        struct dhcp_scan_state scan_state;
+        char *new_opt;
+        llist_t *envp = NULL;
 
-        *curr = xasprintf("interface=%s", client_data.interface);
-        putenv(*curr++);
+        putenvp(&envp, xasprintf("interface=%s", client_data.interface));
 
         if (!packet)
                 return envp;
 
+        init_scan_state(packet, &scan_state);
+
+        /* Iterate over the packet options.
+         * Handle each option based on whether it's an unknown / known option.
+         * There may be (although unlikely) duplicate options. For now, only the last
+         * appearing option will be stored in the environment, and all duplicates
+         * are freed properly.
+         * Long options may be implemented in the future (see RFC 3396) if needed.
+         */
+        while ((optptr = udhcp_scan_options(packet, &scan_state)) != NULL) {
+                const struct dhcp_optflag *dh;
+                const char *opt_name;
+                uint8_t code = optptr[OPT_CODE];
+                uint8_t len = optptr[OPT_LEN];
+                uint8_t *data = optptr + OPT_DATA;
+
+                opt_name = get_optname(code, &dh);
+                if (opt_name) {
+                        new_opt = xmalloc_optname_optval(data, dh, opt_name);
+                        if (code == DHCP_SUBNET && len == 4) {
+                                uint32_t subnet;
+                                putenvp(&envp, new_opt);
+                                move_from_unaligned32(subnet, data);
+                                new_opt = xasprintf("mask=%u", mton(subnet));
+                        }
+                } else {
+                        unsigned ofs;
+                        new_opt = xmalloc(sizeof("optNNN=") + 1 + len*2);
+                        ofs = sprintf(new_opt, "opt%u=", code);
+                        bin2hex(new_opt + ofs, (char *)data, len)[0] = '\0';
+                }
+                putenvp(&envp, new_opt);
+        }
+
         /* Export BOOTP fields. Fields we don't (yet?) export:
          * uint8_t op;      // always BOOTREPLY
          * uint8_t htype;   // hardware address type. 1 = 10mb ethernet
@@ -497,77 +471,31 @@ static char **fill_envp(struct dhcp_packet *packet)
          * uint8_t chaddr[16]; // link-layer client hardware address (MAC)
          */
         /* Most important one: yiaddr as $ip */
-        *curr = xmalloc(sizeof("ip=255.255.255.255"));
-        sprint_nip(*curr, "ip=", (uint8_t *) &packet->yiaddr);
-        putenv(*curr++);
+        new_opt = xmalloc(sizeof("ip=255.255.255.255"));
+        sprint_nip(new_opt, "ip=", (uint8_t *) &packet->yiaddr);
+        putenvp(&envp, new_opt);
+
         if (packet->siaddr_nip) {
                 /* IP address of next server to use in bootstrap */
-                *curr = xmalloc(sizeof("siaddr=255.255.255.255"));
-                sprint_nip(*curr, "siaddr=", (uint8_t *) &packet->siaddr_nip);
-                putenv(*curr++);
+                new_opt = xmalloc(sizeof("siaddr=255.255.255.255"));
+                sprint_nip(new_opt, "siaddr=", (uint8_t *) &packet->siaddr_nip);
+                putenvp(&envp, new_opt);
         }
         if (packet->gateway_nip) {
                 /* IP address of DHCP relay agent */
-                *curr = xmalloc(sizeof("giaddr=255.255.255.255"));
-                sprint_nip(*curr, "giaddr=", (uint8_t *) &packet->gateway_nip);
-                putenv(*curr++);
+                new_opt = xmalloc(sizeof("giaddr=255.255.255.255"));
+                sprint_nip(new_opt, "giaddr=", (uint8_t *) &packet->gateway_nip);
+                putenvp(&envp, new_opt);
         }
-        if (!(overload & FILE_FIELD) && packet->file[0]) {
+        if (!(scan_state.overload & FILE_FIELD) && packet->file[0]) {
                 /* watch out for invalid packets */
-                *curr = xasprintf("boot_file=%."DHCP_PKT_FILE_LEN_STR"s", packet->file);
-                putenv(*curr++);
+                new_opt = xasprintf("boot_file=%."DHCP_PKT_FILE_LEN_STR"s", packet->file);
+                putenvp(&envp, new_opt);
         }
-        if (!(overload & SNAME_FIELD) && packet->sname[0]) {
+        if (!(scan_state.overload & SNAME_FIELD) && packet->sname[0]) {
                 /* watch out for invalid packets */
-                *curr = xasprintf("sname=%."DHCP_PKT_SNAME_LEN_STR"s", packet->sname);
-                putenv(*curr++);
-        }
-
-        /* Export known DHCP options */
-        opt_name = dhcp_option_strings;
-        i = 0;
-        while (*opt_name) {
-                uint8_t code = dhcp_optflags[i].code;
-                BITMAP *found_ptr = &FOUND_OPTS(code);
-                BITMAP found_mask = BMASK(code);
-                if (!(*found_ptr & found_mask))
-                        goto next;
-                *found_ptr &= ~found_mask; /* leave only unknown options */
-                temp = udhcp_get_option(packet, code);
-                *curr = xmalloc_optname_optval(temp, &dhcp_optflags[i], opt_name);
-                putenv(*curr++);
-                if (code == DHCP_SUBNET && temp[-OPT_DATA + OPT_LEN] == 4) {
-                        /* Subnet option: make things like "$ip/$mask" possible */
-                        uint32_t subnet;
-                        move_from_unaligned32(subnet, temp);
-                        *curr = xasprintf("mask=%u", mton(subnet));
-                        putenv(*curr++);
-                }
- next:
-                opt_name += strlen(opt_name) + 1;
-                i++;
-        }
-        /* Export unknown options */
-        for (i = 0; i < 256;) {
-                BITMAP bitmap = FOUND_OPTS(i);
-                if (!bitmap) {
-                        i += BBITS;
-                        continue;
-                }
-                if (bitmap & BMASK(i)) {
-                        unsigned len, ofs;
-
-                        temp = udhcp_get_option(packet, i);
-                        /* udhcp_get_option returns ptr to data portion,
-                         * need to go back to get len
-                         */
-                        len = temp[-OPT_DATA + OPT_LEN];
-                        *curr = xmalloc(sizeof("optNNN=") + 1 + len*2);
-                        ofs = sprintf(*curr, "opt%u=", i);
-                        *bin2hex(*curr + ofs, (void*) temp, len) = '\0';
-                        putenv(*curr++);
-                }
-                i++;
+                new_opt = xasprintf("sname=%."DHCP_PKT_SNAME_LEN_STR"s", packet->sname);
+                putenvp(&envp, new_opt);
         }
 
         return envp;
@@ -576,7 +504,7 @@ static char **fill_envp(struct dhcp_packet *packet)
 /* Call a script with a par file and env vars */
 static void udhcp_run_script(struct dhcp_packet *packet, const char *name)
 {
-        char **envp, **curr;
+        llist_t *envp;
         char *argv[3];
 
         envp = fill_envp(packet);
@@ -588,11 +516,8 @@ static void udhcp_run_script(struct dhcp_packet *packet, const char *name)
         argv[2] = NULL;
         spawn_and_wait(argv);
 
-        for (curr = envp; *curr; curr++) {
-                log2(" %s", *curr);
-                bb_unsetenv_and_free(*curr);
-        }
-        free(envp);
+        /* Free all allocated environment variables */
+        llist_free(envp, (void (*)(void *))bb_unsetenv_and_free);
 }
 
 
diff --git a/networking/udhcp/dhcpd.c b/networking/udhcp/dhcpd.c
index 9d6604943..acfdaa8c3 100644
--- a/networking/udhcp/dhcpd.c
+++ b/networking/udhcp/dhcpd.c
@@ -46,6 +46,12 @@
 #include "dhcpc.h"
 #include "dhcpd.h"
 
+#if ENABLE_PID_FILE_PATH
+#define PID_FILE_PATH CONFIG_PID_FILE_PATH
+#else
+#define PID_FILE_PATH "/var/run"
+#endif
+
 /* globals */
 #define g_leases ((struct dyn_lease*)ptr_to_globals)
 /* struct server_data_t server_data is in bb_common_bufsiz1 */
@@ -406,7 +412,7 @@ static const struct config_keyword keywords[] = {
         {"offer_time"   , read_u32        , OFS(offer_time   ), "60"},
         {"min_lease"    , read_u32        , OFS(min_lease_sec), "60"},
         {"lease_file"   , read_str        , OFS(lease_file   ), LEASES_FILE},
-        {"pidfile"      , read_str        , OFS(pidfile      ), "/var/run/udhcpd.pid"},
+        {"pidfile"      , read_str        , OFS(pidfile      ), PID_FILE_PATH "/udhcpd.pid"},
         {"siaddr"       , udhcp_str2nip   , OFS(siaddr_nip   ), "0.0.0.0"},
         /* keywords with no defaults must be last! */
         {"option"       , read_optset     , OFS(options      ), ""},
diff --git a/networking/udhcp/domain_codec.c b/networking/udhcp/domain_codec.c
index b7a3a5353..752c0a863 100644
--- a/networking/udhcp/domain_codec.c
+++ b/networking/udhcp/domain_codec.c
@@ -109,11 +109,11 @@ char* FAST_FUNC dname_dec(const uint8_t *cstr, int clen, const char *pre)
         return ret;
 }
 
-/* Convert a domain name (src) from human-readable "foo.blah.com" format into
+/* Convert a domain name (src) from human-readable "foo.BLAH.com" format into
  * RFC1035 encoding "\003foo\004blah\003com\000". Return allocated string, or
  * NULL if an error occurs.
  */
-static uint8_t *convert_dname(const char *src)
+static uint8_t *convert_dname(const char *src, int *retlen)
 {
         uint8_t c, *res, *lenptr, *dst;
         int len;
@@ -129,6 +129,7 @@ static uint8_t *convert_dname(const char *src)
                         /* label too long, too short, or two '.'s in a row? abort */
                         if (len > NS_MAXLABEL || len == 0 || (c == '.' && *src == '.')) {
                                 free(res);
+                                *retlen = 0;
                                 return NULL;
                         }
                         *lenptr = len;
@@ -144,13 +145,16 @@ static uint8_t *convert_dname(const char *src)
 
         if (dst - res >= NS_MAXCDNAME) {  /* dname too long? abort */
                 free(res);
+                *retlen = 0;
                 return NULL;
         }
 
-        *dst = 0;
+        *dst++ = 0;
+        *retlen = dst - res;
         return res;
 }
 
+#if 0 //UNUSED
 /* Returns the offset within cstr at which dname can be found, or -1 */
 static int find_offset(const uint8_t *cstr, int clen, const uint8_t *dname)
 {
@@ -188,28 +192,27 @@ static int find_offset(const uint8_t *cstr, int clen, const uint8_t *dname)
 
         return -1;
 }
+#endif
 
+uint8_t* FAST_FUNC dname_enc(/*const uint8_t *cstr, int clen,*/ const char *src, int *retlen)
+{
+#if 0 //UNUSED, was intended for long, repetitive DHCP_DOMAIN_SEARCH options?
+        uint8_t *d, *dname;
 /* Computes string to be appended to cstr so that src would be added to
  * the compression (best case, it's a 2-byte pointer to some offset within
  * cstr; worst case, it's all of src, converted to <4>host<3>com<0> format).
  * The computed string is returned directly; its length is returned via retlen;
  * NULL and 0, respectively, are returned if an error occurs.
  */
-uint8_t* FAST_FUNC dname_enc(const uint8_t *cstr, int clen, const char *src, int *retlen)
-{
-        uint8_t *d, *dname;
-        int off;
-
-        dname = convert_dname(src);
+        dname = convert_dname(src, retlen);
         if (dname == NULL) {
-                *retlen = 0;
                 return NULL;
         }
 
         d = dname;
         while (*d) {
                 if (cstr) {
-                        off = find_offset(cstr, clen, d);
+                        int off = find_offset(cstr, clen, d);
                         if (off >= 0) { /* found a match, add pointer and return */
                                 *d++ = NS_CMPRSFLGS | (off >> 8);
                                 *d = off;
@@ -221,6 +224,8 @@ uint8_t* FAST_FUNC dname_enc(const uint8_t *cstr, int clen, const char *src, int
 
         *retlen = d - dname + 1;
         return dname;
+#endif
+        return convert_dname(src, retlen);
 }
 
 #ifdef DNS_COMPR_TESTING
diff --git a/networking/wget.c b/networking/wget.c
index bc237c4a8..8a967fe20 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -679,7 +679,8 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
         pid = xvfork();
         if (pid == 0) {
                 /* Child */
-                char *argv[9];
+                char *argv[13];
+                char **argp;
 
                 close(sp[0]);
                 xmove_fd(sp[1], 0);
@@ -702,13 +703,25 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
                  * TLS server_name (SNI) field are FQDNs (DNS hostnames).
                  * IPv4 and IPv6 addresses, port numbers are not allowed.
                  */
+                argp = &argv[5];
                 if (!is_ip_address(servername)) {
-                        argv[5] = (char*)"-servername";
-                        argv[6] = (char*)servername;
+                        *argp++ = (char*)"-servername"; //[5]
+                        *argp++ = (char*)servername;    //[6]
                 }
                 if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
-                        argv[7] = (char*)"-verify_return_error";
+                        /* Abort on bad server certificate */
+                        *argp++ = (char*)"-verify";              //[7]
+                        *argp++ = (char*)"100";                  //[8]
+                        *argp++ = (char*)"-verify_return_error"; //[9]
+                        if (!is_ip_address(servername)) {
+                                *argp++ = (char*)"-verify_hostname"; //[10]
+                                *argp++ = (char*)servername;         //[11]
+                        } else {
+                                *argp++ = (char*)"-verify_ip"; //[10]
+                                *argp++ = (char*)host;         //[11]
+                        }
                 }
+                //[12] (or earlier) is NULL terminator
 
                 BB_EXECVP(argv[0], argv);
                 xmove_fd(3, 2);