3 files changed, 73 insertions, 5 deletions

diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
index a89dce3ae..cf6b1ca91 100644
--- a/networking/udhcp/common.c
+++ b/networking/udhcp/common.c
@@ -29,9 +29,9 @@ const struct dhcp_optflag dhcp_optflags[] = {
 //      { OPTION_IP | OPTION_LIST                 , 0x07 }, /* DHCP_LOG_SERVER    */
 //      { OPTION_IP | OPTION_LIST                 , 0x08 }, /* DHCP_COOKIE_SERVER */
         { OPTION_IP | OPTION_LIST                 , 0x09 }, /* DHCP_LPR_SERVER    */
-        { OPTION_STRING               | OPTION_REQ, 0x0c }, /* DHCP_HOST_NAME     */
+        { OPTION_STRING_HOST          | OPTION_REQ, 0x0c }, /* DHCP_HOST_NAME     */
         { OPTION_U16                              , 0x0d }, /* DHCP_BOOT_SIZE     */
-        { OPTION_STRING               | OPTION_REQ, 0x0f }, /* DHCP_DOMAIN_NAME   */
+        { OPTION_STRING_HOST          | OPTION_REQ, 0x0f }, /* DHCP_DOMAIN_NAME   */
         { OPTION_IP                               , 0x10 }, /* DHCP_SWAP_SERVER   */
         { OPTION_STRING                           , 0x11 }, /* DHCP_ROOT_PATH     */
         { OPTION_U8                               , 0x17 }, /* DHCP_IP_TTL        */
@@ -41,7 +41,7 @@ const struct dhcp_optflag dhcp_optflags[] = {
 //server would let us know anyway?
         { OPTION_IP                   | OPTION_REQ, 0x1c }, /* DHCP_BROADCAST     */
         { OPTION_IP_PAIR | OPTION_LIST            , 0x21 }, /* DHCP_ROUTES        */
-        { OPTION_STRING                           , 0x28 }, /* DHCP_NIS_DOMAIN    */
+        { OPTION_STRING_HOST                      , 0x28 }, /* DHCP_NIS_DOMAIN    */
         { OPTION_IP | OPTION_LIST                 , 0x29 }, /* DHCP_NIS_SERVER    */
         { OPTION_IP | OPTION_LIST     | OPTION_REQ, 0x2a }, /* DHCP_NTP_SERVER    */
         { OPTION_IP | OPTION_LIST                 , 0x2c }, /* DHCP_WINS_SERVER   */
@@ -49,7 +49,7 @@ const struct dhcp_optflag dhcp_optflags[] = {
         { OPTION_IP                               , 0x36 }, /* DHCP_SERVER_ID     */
         { OPTION_STRING                           , 0x38 }, /* DHCP_ERR_MESSAGE   */
 //TODO: must be combined with 'sname' and 'file' handling:
-        { OPTION_STRING                           , 0x42 }, /* DHCP_TFTP_SERVER_NAME */
+        { OPTION_STRING_HOST                      , 0x42 }, /* DHCP_TFTP_SERVER_NAME */
         { OPTION_STRING                           , 0x43 }, /* DHCP_BOOT_FILE     */
 //TODO: not a string, but a set of LASCII strings:
 //      { OPTION_STRING                           , 0x4D }, /* DHCP_USER_CLASS    */
@@ -148,6 +148,7 @@ const uint8_t dhcp_option_lengths[] ALIGN1 = {
         [OPTION_IP_PAIR] = 8,
 //      [OPTION_BOOLEAN] = 1,
         [OPTION_STRING] =  1,  /* ignored by udhcp_str2optset */
+        [OPTION_STRING_HOST] = 1,  /* ignored by udhcp_str2optset */
 #if ENABLE_FEATURE_UDHCP_RFC3397
         [OPTION_DNS_STRING] = 1,  /* ignored by both udhcp_str2optset and xmalloc_optname_optval */
         [OPTION_SIP_SERVERS] = 1,
@@ -417,7 +418,9 @@ static NOINLINE void attach_option(
                         /* actually 255 is ok too, but adding a space can overlow it */
 
                         existing->data = xrealloc(existing->data, OPT_DATA + 1 + old_len + length);
-                        if ((optflag->flags & OPTION_TYPE_MASK) == OPTION_STRING) {
+                        if ((optflag->flags & OPTION_TYPE_MASK) == OPTION_STRING
+                         || (optflag->flags & OPTION_TYPE_MASK) == OPTION_STRING_HOST
+                        ) {
                                 /* add space separator between STRING options in a list */
                                 existing->data[OPT_DATA + old_len] = ' ';
                                 old_len++;
@@ -481,6 +484,7 @@ int FAST_FUNC udhcp_str2optset(const char *const_str, void *arg)
                                 retval = udhcp_str2nip(val, buffer + 4);
                         break;
                 case OPTION_STRING:
+                case OPTION_STRING_HOST:
 #if ENABLE_FEATURE_UDHCP_RFC3397
                 case OPTION_DNS_STRING:
 #endif
diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h
index 479ae49f3..cfd58679a 100644
--- a/networking/udhcp/common.h
+++ b/networking/udhcp/common.h
@@ -80,6 +80,9 @@ enum {
         OPTION_IP = 1,
         OPTION_IP_PAIR,
         OPTION_STRING,
+        /* Opts of STRING_HOST type will be sanitized before they are passed
+         * to udhcpc script's environment: */
+        OPTION_STRING_HOST,
 //      OPTION_BOOLEAN,
         OPTION_U8,
         OPTION_U16,
diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
index 945600c6b..2f2016cd5 100644
--- a/networking/udhcp/dhcpc.c
+++ b/networking/udhcp/dhcpc.c
@@ -135,6 +135,63 @@ static int mton(uint32_t mask)
         return i;
 }
 
+/* Check if a given label represents a valid DNS label
+ * Return pointer to the first character after the label upon success,
+ * NULL otherwise.
+ * See RFC1035, 2.3.1
+ */
+/* We don't need to be particularly anal. For example, allowing _, hyphen
+ * at the end, or leading and trailing dots would be ok, since it
+ * can't be used for attacks. (Leading hyphen can be, if someone uses
+ * cmd "$hostname"
+ * in the script: then hostname may be treated as an option)
+ */
+static const char *valid_domain_label(const char *label)
+{
+        unsigned char ch;
+        unsigned pos = 0;
+
+        for (;;) {
+                ch = *label;
+                if ((ch|0x20) < 'a' || (ch|0x20) > 'z') {
+                        if (pos == 0) {
+                                /* label must begin with letter */
+                                return NULL;
+                        }
+                        if (ch < '0' || ch > '9') {
+                                if (ch == '\0' || ch == '.')
+                                        return label;
+                                /* DNS allows only '-', but we are more permissive */
+                                if (ch != '-' && ch != '_')
+                                        return NULL;
+                        }
+                }
+                label++;
+                pos++;
+                //Do we want this?
+                //if (pos > 63) /* NS_MAXLABEL; labels must be 63 chars or less */
+                //      return NULL;
+        }
+}
+
+/* Check if a given name represents a valid DNS name */
+/* See RFC1035, 2.3.1 */
+static int good_hostname(const char *name)
+{
+        //const char *start = name;
+
+        for (;;) {
+                name = valid_domain_label(name);
+                if (!name)
+                        return 0;
+                if (!name[0])
+                        return 1;
+                        //Do we want this?
+                        //return ((name - start) < 1025); /* NS_MAXDNAME */
+                name++;
+        }
+}
+
 /* Create "opt_name=opt_value" string */
 static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_optflag *optflag, const char *opt_name)
 {
@@ -187,8 +244,11 @@ static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_
                  * the case of list of options.
                  */
                 case OPTION_STRING:
+                case OPTION_STRING_HOST:
                         memcpy(dest, option, len);
                         dest[len] = '\0';
+                        if (type == OPTION_STRING_HOST && !good_hostname(dest))
+                                safe_strncpy(dest, "bad", len);
                         return ret;
                 case OPTION_STATIC_ROUTES: {
                         /* Option binary format:
@@ -368,6 +428,7 @@ static char **fill_envp(struct dhcp_packet *packet)
         /* +1 element for each option, +2 for subnet option: */
         if (packet) {
                 /* note: do not search for "pad" (0) and "end" (255) options */
+//TODO: change logic to scan packet _once_
                 for (i = 1; i < 255; i++) {
                         temp = udhcp_get_option(packet, i);
                         if (temp) {