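--- busybox-1.19.4/networking/udhcp/common.c
+++ busybox-1.19.4-udhcp/networking/udhcp/common.c
@@ -29,16 +29,16 @@ const struct dhcp_optflag dhcp_optflags[
 // { OPTION_IP | OPTION_LIST , 0x07 }, /* DHCP_LOG_SERVER */
 // { OPTION_IP | OPTION_LIST , 0x08 }, /* DHCP_COOKIE_SERVER */
 { OPTION_IP | OPTION_LIST , 0x09 }, /* DHCP_LPR_SERVER */
- { OPTION_STRING | OPTION_REQ, 0x0c }, /* DHCP_HOST_NAME */
+ { OPTION_STRING_HOST | OPTION_REQ, 0x0c }, /* DHCP_HOST_NAME */
 { OPTION_U16 , 0x0d }, /* DHCP_BOOT_SIZE */
- { OPTION_STRING | OPTION_REQ, 0x0f }, /* DHCP_DOMAIN_NAME */
+ { OPTION_STRING_HOST | OPTION_REQ, 0x0f }, /* DHCP_DOMAIN_NAME */
 { OPTION_IP , 0x10 }, /* DHCP_SWAP_SERVER */
 { OPTION_STRING , 0x11 }, /* DHCP_ROOT_PATH */
 { OPTION_U8 , 0x17 }, /* DHCP_IP_TTL */
 { OPTION_U16 , 0x1a }, /* DHCP_MTU */
 { OPTION_IP | OPTION_REQ, 0x1c }, /* DHCP_BROADCAST */
 { OPTION_IP_PAIR | OPTION_LIST , 0x21 }, /* DHCP_ROUTES */
- { OPTION_STRING , 0x28 }, /* DHCP_NIS_DOMAIN */
+ { OPTION_STRING_HOST , 0x28 }, /* DHCP_NIS_DOMAIN */
 { OPTION_IP | OPTION_LIST , 0x29 }, /* DHCP_NIS_SERVER */
 { OPTION_IP | OPTION_LIST | OPTION_REQ, 0x2a }, /* DHCP_NTP_SERVER */
 { OPTION_IP | OPTION_LIST , 0x2c }, /* DHCP_WINS_SERVER */
@@ -46,7 +46,7 @@ const struct dhcp_optflag dhcp_optflags[
 { OPTION_IP , 0x36 }, /* DHCP_SERVER_ID */
 { OPTION_STRING , 0x38 }, /* DHCP_ERR_MESSAGE */
 //TODO: must be combined with 'sname' and 'file' handling:
- { OPTION_STRING , 0x42 }, /* DHCP_TFTP_SERVER_NAME */
+ { OPTION_STRING_HOST , 0x42 }, /* DHCP_TFTP_SERVER_NAME */
 { OPTION_STRING , 0x43 }, /* DHCP_BOOT_FILE */
 //TODO: not a string, but a set of LASCII strings:
 // { OPTION_STRING , 0x4D }, /* DHCP_USER_CLASS */
@@ -143,6 +143,7 @@ const uint8_t dhcp_option_lengths[] ALIG
 [OPTION_IP_PAIR] = 8,
 // [OPTION_BOOLEAN] = 1,
 [OPTION_STRING] = 1, /* ignored by udhcp_str2optset */
+ [OPTION_STRING_HOST] = 1, /* ignored by udhcp_str2optset */
 #if ENABLE_FEATURE_UDHCP_RFC3397
 [OPTION_DNS_STRING] = 1, /* ignored by both udhcp_str2optset and xmalloc_optname_optval */
 [OPTION_SIP_SERVERS] = 1,
@@ -411,7 +412,9 @@ static NOINLINE void attach_option(
 /* actually 255 is ok too, but adding a space can overlow it */
 
 existing->data = xrealloc(existing->data, OPT_DATA + 1 + old_len + length);
- if ((optflag->flags & OPTION_TYPE_MASK) == OPTION_STRING) {
+ if ((optflag->flags & OPTION_TYPE_MASK) == OPTION_STRING
+ || (optflag->flags & OPTION_TYPE_MASK) == OPTION_STRING_HOST
+ ) {
 /* add space separator between STRING options in a list */
 existing->data[OPT_DATA + old_len] = ' ';
 old_len++;
@@ -475,6 +478,7 @@ int FAST_FUNC udhcp_str2optset(const cha
 retval = udhcp_str2nip(val, buffer + 4);
 break;
 case OPTION_STRING:
+ case OPTION_STRING_HOST:
 #if ENABLE_FEATURE_UDHCP_RFC3397
 case OPTION_DNS_STRING:
 #endif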
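Review bot: DHCP_ROOT_PATH (0x11), DHCP_ERR_MESSAGE (0x38) and DHCP_BOOT_FILE (0x43) stay plain `OPTION_STRING` in the first two hunks, so those server-supplied values keep reaching the udhcpc script's environment without the check that `OPTION_STRING_HOST` entries now get in dhcpc.c. A path or free-text message cannot be held to hostname syntax, so the table should at least say so where a script author will look, for example `/* OPTION_STRING values are passed to the script as received: quote them, never eval them */` above the DHCP_ROOT_PATH entry. The `dhcp_optflags[]` initializer starts and ends outside these hunks, so any other string-typed entries it holds may need the same look.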
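--- busybox-1.19.4/networking/udhcp/common.h
+++ busybox-1.19.4-udhcp/networking/udhcp/common.h
@@ -80,6 +80,9 @@ enum {
 OPTION_IP = 1,
 OPTION_IP_PAIR,
 OPTION_STRING,
+ /* Opts of STRING_HOST type will be sanitized before they are passed
+ * to udhcpc script's environment: */
+ OPTION_STRING_HOST,
 // OPTION_BOOLEAN,
 OPTION_U8,
 OPTION_U16,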
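Review bot: The comment added above `OPTION_STRING_HOST` says these options "will be sanitized", which reads as if offending characters were stripped, whereas the only check visible on this page (in dhcpc.c) replaces the whole value when it fails the hostname test. I would word it as `/* udhcpc checks STRING_HOST values against hostname syntax and passes "bad" to the script instead of a value that fails */`, so a script author knows what to expect in the environment. The enum body starts and ends outside the hunk.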
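--- busybox-1.19.4/networking/udhcp/dhcpc.c
+++ busybox-1.19.4-udhcp/networking/udhcp/dhcpc.c
@@ -101,6 +101,7 @@ static const uint8_t len_of_option_as_st
 [OPTION_IP_PAIR ] = sizeof("255.255.255.255 ") * 2,
 [OPTION_STATIC_ROUTES ] = sizeof("255.255.255.255/32 255.255.255.255 "),
 [OPTION_STRING ] = 1,
+ [OPTION_STRING_HOST ] = 1,
 #if ENABLE_FEATURE_UDHCP_RFC3397
 [OPTION_DNS_STRING ] = 1, /* unused */
 /* Hmmm, this severely overestimates size if SIP_SERVERS option
@@ -135,6 +136,63 @@ static int mton(uint32_t mask)
 return i;
 }
 
+/* Check if a given label represents a valid DNS label
+ * Return pointer to the first character after the label upon success,
+ * NULL otherwise.
+ * See RFC1035, 2.3.1
+ */
+/* We don't need to be particularly anal. For example, allowing _, hyphen
+ * at the end, or leading and trailing dots would be ok, since it
+ * can't be used for attacks. (Leading hyphen can be, if someone uses
+ * cmd "$hostname"
+ * in the script: then hostname may be treated as an option)
+ */
+static const char *valid_domain_label(const char *label)
+{
+ unsigned char ch;
+ unsigned pos = 0;
+
+ for (;;) {
+ ch = *label;
+ if ((ch|0x20) < 'a' || (ch|0x20) > 'z') {
+ if (pos == 0) {
+ /* label must begin with letter */
+ return NULL;
+ }
+ if (ch < '0' || ch > '9') {
+ if (ch == '\0' || ch == '.')
+ return label;
+ /* DNS allows only '-', but we are more permissive */
+ if (ch != '-' && ch != '_')
+ return NULL;
+ }
+ }
+ label++;
+ pos++;
+ //Do we want this?
+ //if (pos > 63) /* NS_MAXLABEL; labels must be 63 chars or less */
+ // return NULL;
+ }
+}
+
+/* Check if a given name represents a valid DNS name */
+/* See RFC1035, 2.3.1 */
+static int good_hostname(const char *name)
+{
+ //const char *start = name;
+
+ for (;;) {
+ name = valid_domain_label(name);
+ if (!name)
+ return 0;
+ if (!name[0])
+ return 1;
+ //Do we want this?
+ //return ((name - start) < 1025); /* NS_MAXDNAME */
+ name++;
+ }
+}
+
 /* Create "opt_name=opt_value" string */
 static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_optflag *optflag, const char *opt_name)
 {
@@ -185,8 +243,11 @@ static NOINLINE char *xmalloc_optname_op
 break;
 }
 case OPTION_STRING:
+ case OPTION_STRING_HOST:
 memcpy(dest, option, len);
 dest[len] = '\0';
+ if (type == OPTION_STRING_HOST && !good_hostname(dest))
+ safe_strncpy(dest, "bad", len);
 return ret; /* Short circuit this case */
 case OPTION_STATIC_ROUTES: {
 /* Option binary format:
@@ -314,6 +375,7 @@ static char **fill_envp(struct dhcp_pack
 /* +1 element for each option, +2 for subnet option: */
 if (packet) {
 /* note: do not search for "pad" (0) and "end" (255) options */
+//TODO: change logic to scan packet _once_
 for (i = 1; i < 255; i++) {
 temp = udhcp_get_option(packet, i);
 if (temp) {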
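Review bot: In the `xmalloc_optname_optval` hunk a value that fails `good_hostname()` is silently replaced by the literal `bad`, which is itself a valid hostname, so the script cannot tell a rejected value from a real one and the operator gets no sign that a server sent something unexpected. A log line next to the replacement, naming the option without echoing the untrusted bytes, would make this visible: `bb_error_msg("%s: value rejected, not a valid hostname", opt_name);`. This matters more because `valid_domain_label()` returns NULL for any label that does not start with a letter, which also rejects digit-first names that RFC 1123 allows; `if (pos == 0 && (ch < '0' || ch > '9')) return NULL;` would keep the leading-hyphen protection described in the comment while accepting them. The comment above that function says leading and trailing dots would be acceptable, but the code as written rejects both, so one of the two should be corrected. `xmalloc_optname_optval` itself continues outside the hunk.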