diff options
Diffstat (limited to 'patches/source/dhcpcd/patches')
-rw-r--r-- | patches/source/dhcpcd/patches/config.h.diff | 17 | ||||
-rw-r--r-- | patches/source/dhcpcd/patches/dhcpcd.8.in.diff | 12 | ||||
-rw-r--r-- | patches/source/dhcpcd/patches/dhcpcd.sh.diff | 17 | ||||
-rw-r--r-- | patches/source/dhcpcd/patches/dhcpcd3.sanitize_strings.diff | 346 |
4 files changed, 392 insertions, 0 deletions
diff --git a/patches/source/dhcpcd/patches/config.h.diff b/patches/source/dhcpcd/patches/config.h.diff new file mode 100644 index 000000000..7bdefb600 --- /dev/null +++ b/patches/source/dhcpcd/patches/config.h.diff @@ -0,0 +1,17 @@ +diff -Nur dhcpcd-3.2.3.orig/config.h dhcpcd-3.2.3/config.h +--- dhcpcd-3.2.3.orig/config.h 2008-02-25 02:28:19.000000000 -0600 ++++ dhcpcd-3.2.3/config.h 2009-03-06 14:55:01.998436374 -0600 +@@ -71,10 +71,10 @@ + + #define OPENNTPFILE ETCDIR "/ntpd.conf" + +-#define DEFAULT_SCRIPT ETCDIR "/" PACKAGE ".sh" ++#define DEFAULT_SCRIPT INFODIR "/" PACKAGE ".sh" + +-#define STATEDIR "/var" +-#define PIDFILE STATEDIR "/run/" PACKAGE "-%s.pid" ++#define STATEDIR INFODIR ++#define PIDFILE INFODIR "/" PACKAGE "-%s.pid" + + #ifndef INFODIR + # define INFODIR "/var/lib/dhcpcd" diff --git a/patches/source/dhcpcd/patches/dhcpcd.8.in.diff b/patches/source/dhcpcd/patches/dhcpcd.8.in.diff new file mode 100644 index 000000000..7486c769a --- /dev/null +++ b/patches/source/dhcpcd/patches/dhcpcd.8.in.diff @@ -0,0 +1,12 @@ +diff -Nur dhcpcd-3.2.3.orig/dhcpcd.8.in dhcpcd-3.2.3/dhcpcd.8.in +--- dhcpcd-3.2.3.orig/dhcpcd.8.in 2008-02-25 02:28:19.000000000 -0600 ++++ dhcpcd-3.2.3/dhcpcd.8.in 2009-03-06 19:36:02.207109931 -0600 +@@ -117,7 +117,7 @@ + up, down or new depending on the state of + .Nm . + .Nm +-ignores the exist code of the script. ++ignores the exit code of the script. + .Ss Fine tuning + You can fine tune the behaviour of + .Nm diff --git a/patches/source/dhcpcd/patches/dhcpcd.sh.diff b/patches/source/dhcpcd/patches/dhcpcd.sh.diff new file mode 100644 index 000000000..290665a98 --- /dev/null +++ b/patches/source/dhcpcd/patches/dhcpcd.sh.diff @@ -0,0 +1,17 @@ +--- a/dhcpcd.sh 2009-03-06 19:22:41.247171672 -0600 ++++ b/dhcpcd.sh 2009-03-06 19:24:19.186014526 -0600 +@@ -1,10 +1,10 @@ + #!/bin/sh + # +-# This is a sample /etc/dhcpcd.sh script. +-# /etc/dhcpcd.sh script is executed by dhcpcd daemon ++# This is a sample /etc/dhcpc/dhcpcd.sh script. ++# /etc/dhcpc/dhcpcd.sh script is executed by dhcpcd daemon + # any time it configures or shuts down interface. +-# The following parameters are passed to dhcpcd.exe script: +-# $1 = HostInfoFilePath, e.g "/var/lib/dhcpcd/dhcpcd-eth0.info" ++# The following parameters are passed to the dhcpcd.sh script: ++# $1 = HostInfoFilePath, e.g "/etc/dhcpc/dhcpcd-eth0.info" + # $2 = "up" if interface has been configured with the same + # IP address as before reboot; + # $2 = "down" if interface has been shut down; diff --git a/patches/source/dhcpcd/patches/dhcpcd3.sanitize_strings.diff b/patches/source/dhcpcd/patches/dhcpcd3.sanitize_strings.diff new file mode 100644 index 000000000..406846f3f --- /dev/null +++ b/patches/source/dhcpcd/patches/dhcpcd3.sanitize_strings.diff @@ -0,0 +1,346 @@ +From 1e664b472a2a915ad31567de729ee0a521db93d0 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski <mt@suse.de> +Date: Thu, 17 Mar 2011 22:18:16 +0100 +Subject: [PATCH] Discard string options with incorrect values + +Discard string options such as host and domain names +containing disallowed characters or beeing too long. +This proctive patch limits root-path to the a-zA-Z0-9, +space and the #%+-_:.,@~/\[]= characters. + +Signed-off-by: Marius Tomaschewski <mt@suse.de> +--- + configure.c | 15 +++--- + dhcp.c | 160 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- + dhcp.h | 8 +++ + dhcpcd.c | 9 +++- + 4 files changed, 177 insertions(+), 15 deletions(-) + +diff --git a/configure.c b/configure.c +index 0969f73..24dd6e8 100644 +--- a/configure.c ++++ b/configure.c +@@ -453,7 +453,7 @@ static char *lookuphostname (char *hostname, const dhcp_t *dhcp, + char *addr; + struct addrinfo hints; + struct addrinfo *res = NULL; +- int result; ++ int result, check; + char *p; + + logger (LOG_DEBUG, "Looking up hostname via DNS"); +@@ -479,9 +479,10 @@ static char *lookuphostname (char *hostname, const dhcp_t *dhcp, + result = getaddrinfo (addr, "0", &hints, &res); + if (res) + freeaddrinfo (res); +- if (result == 0) ++ check = check_domain_name(addr, strlen(addr), 0); ++ if (result == 0 || check != 0) + logger (LOG_ERR, "malicious PTR record detected"); +- if (result == 0 || ! *addr) { ++ if (result == 0 || ! *addr || check != 0) { + free (addr); + return (NULL); + } +@@ -758,12 +759,12 @@ int configure (const options_t *options, interface_t *iface, + #endif + + curhostname = xmalloc (sizeof (char) * MAXHOSTNAMELEN); +- *curhostname = '\0'; ++ memset(curhostname, 0, MAXHOSTNAMELEN); + +- gethostname (curhostname, MAXHOSTNAMELEN); ++ gethostname (curhostname, MAXHOSTNAMELEN - 1); ++ curhostname[MAXHOSTNAMELEN - 1] = '\0'; + if (options->dohostname || +- strlen (curhostname) == 0 || +- strcmp (curhostname, "(none)") == 0 || ++ check_domain_name(curhostname, strlen (curhostname), 0) != 0 || + strcmp (curhostname, "localhost") == 0) + { + newhostname = xmalloc (sizeof (char) * MAXHOSTNAMELEN); +diff --git a/dhcp.c b/dhcp.c +index 8ed66da..5165078 100644 +--- a/dhcp.c ++++ b/dhcp.c +@@ -41,6 +41,8 @@ + #include <stdint.h> + #include <stdlib.h> + #include <string.h> ++#include <stddef.h> ++#include <ctype.h> + + #include "config.h" + +@@ -618,6 +620,106 @@ static struct route_head *decode_routers (const unsigned char *data, int length) + return (head); + } + ++int check_domain_name(const char *ptr, size_t len, int dots) ++{ ++ const char *p; ++ ++ /* not empty or complete length not over 255 characters */ ++ if (len == 0 || len > 256) ++ return -1; ++ ++ /* consists of [[:alnum:]-]+ labels separated by [.] */ ++ /* a [_] is against RFC but seems to be "widely used"... */ ++ for (p=ptr; *p && len-- > 0; p++) { ++ if ( *p == '-' || *p == '_') { ++ /* not allowed at begin or end of a label */ ++ if ((p - ptr) == 0 || len == 0 || p[1] == '.') ++ return -1; ++ } else ++ if ( *p == '.') { ++ /* each label has to be 1-63 characters; ++ we allow [.] at the end ('foo.bar.') */ ++ ptrdiff_t d = p - ptr; ++ if( d <= 0 || d >= 64) ++ return -1; ++ ptr = p + 1; /* jump to the next label */ ++ if(dots > 0 && len > 0) ++ dots--; ++ } else ++ if ( !isalnum((int)*p)) { ++ /* also numbers at the begin are fine */ ++ return -1; ++ } ++ } ++ return dots ? -1 : 0; ++} ++ ++int check_domain_name_list(const char *ptr, size_t len, int dots) ++{ ++ const char *p; ++ int ret = -1; /* at least one needed */ ++ ++ if (!ptr || !len) ++ return -1; ++ ++ for (p=ptr; *p && len > 0; p++, len--) { ++ if (*p != ' ') ++ continue; ++ if (p > ptr) { ++ if (check_domain_name(ptr, p - ptr, dots) != 0) ++ return -1; ++ ret = 0; ++ } ++ ptr = p + 1; ++ } ++ if (p > ptr) ++ return check_domain_name(ptr, p - ptr, dots); ++ else ++ return ret; ++} ++ ++int check_dhcpoption(unsigned char option, const char *ptr, size_t len) ++{ ++ if( !ptr) ++ return -1; ++ ++ switch (option) { ++ case DHCP_NETBIOSNODETYPE: ++ if(len == 1 && ((int)*ptr == 1 || (int)*ptr == 2 || ++ (int)*ptr == 4 || (int)*ptr == 8)) ++ return 0; ++ break; ++ case DHCP_HOSTNAME: ++ case DHCP_DNSDOMAIN: ++ case DHCP_NISDOMAIN: ++ case DHCP_NETBIOSSCOPE: ++ return check_domain_name(ptr, len, 0); ++ break; ++ case DHCP_SIPSERVER: ++ case DHCP_DNSSEARCH: ++ return check_domain_name_list(ptr, len, 0); ++ break; ++ case DHCP_ROOTPATH: ++ if( len == 0) ++ return -1; ++ for (; *ptr && len-- > 0; ptr++) { ++ if( !(isalnum((int)*ptr) || ++ *ptr == '#' || *ptr == '%' || ++ *ptr == '+' || *ptr == '-' || ++ *ptr == '_' || *ptr == ':' || ++ *ptr == '.' || *ptr == ',' || ++ *ptr == '@' || *ptr == '~' || ++ *ptr == '\\' || *ptr == '/' || ++ *ptr == '[' || *ptr == ']' || ++ *ptr == '=' || *ptr == ' ')) ++ return -1; ++ } ++ return 0; ++ break; ++ } ++ return -1; ++} ++ + int parse_dhcpmessage (dhcp_t *dhcp, const dhcpmessage_t *message) + { + const unsigned char *p = message->options; +@@ -646,8 +748,16 @@ int parse_dhcpmessage (dhcp_t *dhcp, const dhcpmessage_t *message) + dhcp->leasedfrom = tv.tv_sec; + dhcp->frominfo = false; + dhcp->address.s_addr = message->yiaddr; +- strlcpy (dhcp->servername, (char *) message->servername, +- sizeof (dhcp->servername)); ++ if (message->servername[0] != '\0' && ++ check_domain_name((const char *)message->servername, ++ strlen((const char *)message->servername), 0) != 0) ++ { ++ logger (LOG_ERR, "suspect value in SERVERNAME - discarded"); ++ dhcp->servername[0] = '\0'; ++ } else { ++ strlcpy (dhcp->servername, (char *) message->servername, ++ sizeof (dhcp->servername)); ++ } + + #define LEN_ERR \ + { \ +@@ -768,10 +878,20 @@ parse_start: + memcpy (_var, p, (size_t) length); \ + memset (_var + length, 0, 1); \ + } ++#define CHECKOPT(_opt,_var) \ ++ if(check_dhcpoption(_opt, (const char *)p, length) != 0) { \ ++ logger (LOG_ERR, "suspect value in option %s - discarded", #_opt); \ ++ if (_var) free (_var); \ ++ _var = NULL; \ ++ } + case DHCP_HOSTNAME: ++ CHECKOPT (DHCP_HOSTNAME, dhcp->hostname) ++ else + GETSTR (dhcp->hostname); + break; + case DHCP_DNSDOMAIN: ++ CHECKOPT (DHCP_DNSDOMAIN, dhcp->dnsdomain) ++ else + GETSTR (dhcp->dnsdomain); + break; + case DHCP_MESSAGE: +@@ -779,11 +899,15 @@ parse_start: + break; + #ifdef ENABLE_INFO + case DHCP_ROOTPATH: ++ CHECKOPT (DHCP_ROOTPATH, dhcp->rootpath) ++ else + GETSTR (dhcp->rootpath); + break; + #endif + #ifdef ENABLE_NIS + case DHCP_NISDOMAIN: ++ CHECKOPT (DHCP_NISDOMAIN, dhcp->nisdomain) ++ else + GETSTR (dhcp->nisdomain); + break; + #endif +@@ -814,11 +938,21 @@ parse_start: + case DHCP_DNSSEARCH: + MIN_LENGTH (1); + free (dhcp->dnssearch); ++ dhcp->dnssearch = NULL; + len = decode_search (p, length, NULL); + if (len > 0) { +- dhcp->dnssearch = xmalloc (len); +- decode_search (p, length, +- dhcp->dnssearch); ++ char *str = xmalloc (len); ++ decode_search (p, length, str); ++ if(check_dhcpoption(DHCP_DNSSEARCH, ++ str, len - 1) != 0) { ++ logger (LOG_ERR, ++ "suspect value in " ++ "option %s - discarded", ++ "DHCP_DNSSEARCH"); ++ free(str); ++ } else { ++ dhcp->dnssearch = str; ++ } + } + break; + +@@ -837,7 +971,20 @@ parse_start: + #ifdef ENABLE_INFO + case DHCP_SIPSERVER: + free (dhcp->sipservers); +- dhcp->sipservers = decode_sipservers (p,length); ++ dhcp->sipservers = NULL; ++ { ++ char *str = decode_sipservers (p,length); ++ if(check_dhcpoption(DHCP_SIPSERVER, ++ str, strlen(str)) != 0) { ++ logger (LOG_ERR, ++ "suspect value in " ++ "option %s - discarded", ++ "DHCP_SIPSERVER"); ++ free(str); ++ } else { ++ dhcp->sipservers = str; ++ } ++ } + break; + #endif + +@@ -873,6 +1020,7 @@ parse_start: + #undef LENGTH + #undef MIN_LENGTH + #undef MULT_LENGTH ++#undef CHECKOPT + + default: + logger (LOG_DEBUG, +diff --git a/dhcp.h b/dhcp.h +index cc66d13..d2cdc45 100644 +--- a/dhcp.h ++++ b/dhcp.h +@@ -86,6 +86,10 @@ enum DHCP_OPTIONS + DHCP_NISDOMAIN = 40, + DHCP_NISSERVER = 41, + DHCP_NTPSERVER = 42, ++ DHCP_NETBIOSNAMESERVER = 44, ++ DHCP_NETBIOSDDSERVER = 45, ++ DHCP_NETBIOSNODETYPE = 46, ++ DHCP_NETBIOSSCOPE = 47, + DHCP_ADDRESS = 50, + DHCP_LEASETIME = 51, + DHCP_OPTIONSOVERLOADED = 52, +@@ -213,4 +217,8 @@ ssize_t send_message (const interface_t *iface, const dhcp_t *dhcp, + void free_dhcp (dhcp_t *dhcp); + int parse_dhcpmessage (dhcp_t *dhcp, const dhcpmessage_t *message); + ++int check_dhcpoption (unsigned char option, const char *ptr, size_t len); ++int check_domain_name(const char *ptr, size_t len, int dots); ++int check_domain_name_list(const char *ptr, size_t len, int dots); ++ + #endif +diff --git a/dhcpcd.c b/dhcpcd.c +index e101847..318dd7f 100644 +--- a/dhcpcd.c ++++ b/dhcpcd.c +@@ -178,8 +178,10 @@ int main(int argc, char **argv) + options->doduid = true; + options->timeout = DEFAULT_TIMEOUT; + +- gethostname (options->hostname, sizeof (options->hostname)); +- if (strcmp (options->hostname, "(none)") == 0 || ++ memset (options->hostname, 0, sizeof (options->hostname)); ++ gethostname (options->hostname, sizeof (options->hostname) - 1); ++ options->hostname[sizeof (options->hostname) - 1] = '\0'; ++ if (check_domain_name(options->hostname, strlen(options->hostname), 0) != 0 || + strcmp (options->hostname, "localhost") == 0) + memset (options->hostname, 0, sizeof (options->hostname)); + +@@ -228,6 +230,9 @@ int main(int argc, char **argv) + "`%s' too long for HostName string, max is %d", + optarg, MAXHOSTNAMELEN); + goto abort; ++ } else if(check_domain_name(optarg, strlen(optarg), 0) != 0) { ++ logger (LOG_ERR, "suspect string in hostname argument"); ++ goto abort; + } else + strlcpy (options->hostname, optarg, + sizeof (options->hostname)); +-- +1.7.1 + |