authorkrw <krw@openbsd.org>2017-10-23 13:01:20 +0000
committerkrw <krw@openbsd.org>2017-10-23 13:01:20 +0000
commit144ee29e9d4103125923a0ca7ca92cf47c68bb88 (patch)
tree6547fd401a5e1e60164cb726755f14dcf6c66088
parentClose cron sockets in child processes. (diff)
Enforce dhclient.conf prohibitions on nesting 'interface'
declarations and placing 'lease' declarations inside 'interface' declarations. Document and enforce requirement that all 'lease' declarations must specify the interface to which they apply. Ignore static leases that apply to other interfaces rather than complaining the interface name is wrong and using the lease anyway.
-rw-r--r--sbin/dhclient/clparse.c46
-rw-r--r--sbin/dhclient/dhclient.c3
-rw-r--r--sbin/dhclient/dhclient.leases.57
-rw-r--r--sbin/dhclient/dhcpd.h3
4 files changed, 36 insertions, 23 deletions
diff --git a/sbin/dhclient/clparse.c b/sbin/dhclient/clparse.c
index 04fb8f79fc4..8e057b9c99b 100644
--- a/sbin/dhclient/clparse.c
+++ b/sbin/dhclient/clparse.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clparse.c,v 1.146 2017/10/21 14:40:13 krw Exp $ */
+/* $OpenBSD: clparse.c,v 1.147 2017/10/23 13:01:20 krw Exp $ */
/* Parser for dhclient config and lease files. */
@@ -64,7 +64,7 @@
#include "dhctoken.h"
#include "log.h"
-void parse_client_statement(FILE *, char *);
+void parse_client_statement(FILE *, char *, int);
int parse_hex_octets(FILE *, unsigned int *, uint8_t **);
int parse_option_list(FILE *, int *, uint8_t *);
int parse_interface_declaration(FILE *, char *);
@@ -167,7 +167,7 @@ read_client_conf(char *name)
token = peek_token(NULL, cfile);
if (token == EOF)
break;
- parse_client_statement(cfile, name);
+ parse_client_statement(cfile, name, 0);
} while (1);
fclose(cfile);
}
@@ -230,10 +230,12 @@ read_client_leases(char *name, struct client_lease_tq *tq)
* TOK_SEND option-decl |
* TOK_SERVER_NAME string |
* TOK_SUPERSEDE option-decl |
- * TOK_TIMEOUT number |
+ * TOK_TIMEOUT number
+ *
+ * If nested == 1 then TOK_INTERFACE and TOK_LEASE are not allowed.
*/
void
-parse_client_statement(FILE *cfile, char *name)
+parse_client_statement(FILE *cfile, char *name, int nested)
{
struct client_lease *lp;
char *val;
@@ -279,11 +281,17 @@ parse_client_statement(FILE *cfile, char *name)
parse_semi(cfile);
break;
case TOK_INTERFACE:
- if (parse_interface_declaration(cfile, name) == 1)
+ if (nested == 1) {
+ parse_warn("expecting statement.");
+ skip_to_semi(cfile);
+ } else if (parse_interface_declaration(cfile, name) == 1)
;
break;
case TOK_LEASE:
- if (parse_client_lease_statement(cfile, name, &lp) == 1)
+ if (nested == 1) {
+ parse_warn("expecting statement.");
+ skip_to_semi(cfile);
+ } else if (parse_client_lease_statement(cfile, name, &lp) == 1)
add_lease(&config->static_leases, lp);
break;
case TOK_LINK_TIMEOUT:
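Review bot: In the `TOK_LEASE` case, `add_lease(&config->static_leases, lp)` can now be reached with `lp == NULL`, because this commit makes parse_client_lease_statement() return 1 with `*lp = NULL` when the lease names another interface or none at all. add_lease() is not shown on this page; unless it is known to ignore a NULL lease, the call should be guarded, e.g. `} else if (parse_client_lease_statement(cfile, name, &lp) == 1 && lp != NULL)`. Any other caller of parse_client_lease_statement() outside this hunk needs the same check. parse_client_statement() starts and ends outside the hunk.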
@@ -489,7 +497,7 @@ parse_interface_declaration(FILE *cfile, char *name)
token = next_token(NULL, cfile);
return 1;
}
- parse_client_statement(cfile, name);
+ parse_client_statement(cfile, name, 1);
} while (1);
return 0;
@@ -528,11 +536,17 @@ parse_client_lease_statement(FILE *cfile, char *name,
if (token == EOF) {
parse_warn("unterminated lease declaration.");
free_client_lease(lease);
- return 0;
+ break;
}
if (token == '}') {
token = next_token(NULL, cfile);
- *lp = lease;
+ if (lease->interface != NULL &&
+ strcmp(name, lease->interface) == 0)
+ *lp = lease;
+ else {
+ *lp = NULL;
+ free_client_lease(lease);
+ }
return 1;
}
parse_client_lease_declaration(cfile, lease, name);
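Review bot: At the closing `}`, a lease with no `interface` declaration is discarded through the same silent path as a lease written for another interface, so the requirement the man page now states is enforced without any diagnostic. A warning in the `lease->interface == NULL` case, for example `parse_warn("lease declaration must specify an interface.");` before the free, would let an administrator see why a static lease in dhclient.conf was not applied. The start of the function and the code after the loop, which the new `break` on EOF now reaches, are outside the hunk.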
@@ -561,7 +575,7 @@ parse_client_lease_declaration(FILE *cfile, struct client_lease *lease,
{
char *val;
unsigned int len;
- int i, rslt, token;
+ int i, token;
token = next_token(&val, cfile);
@@ -586,14 +600,8 @@ parse_client_lease_declaration(FILE *cfile, struct client_lease *lease,
case TOK_INTERFACE:
if (parse_string(cfile, NULL, &val) == 0)
return;
- rslt = strcmp(name, val);
- free(val);
- if (rslt != 0) {
- if (lease->is_static == 0)
- parse_warn("wrong interface name.");
- skip_to_semi(cfile);
- return;
- }
+ free(lease->interface);
+ lease->interface = val;
break;
case TOK_NEXT_SERVER:
if (parse_ip_addr(cfile, &lease->next_server) == 0)
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 08b7bd76ae1..883a136be19 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dhclient.c,v 1.514 2017/09/28 21:25:49 krw Exp $ */
+/* $OpenBSD: dhclient.c,v 1.515 2017/10/23 13:01:20 krw Exp $ */
/*
* Copyright 2004 Henning Brauer <henning@openbsd.org>
@@ -1701,6 +1701,7 @@ free_client_lease(struct client_lease *lease)
if (lease == NULL || lease->is_static)
return;
+ free(lease->interface);
free(lease->server_name);
free(lease->filename);
for (i = 0; i < DHO_COUNT; i++)
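Review bot: The added `free(lease->interface)` sits below the `lease->is_static` early return, so for a static lease neither the new string nor the lease itself is released by this function. clparse.c now calls free_client_lease() on leases it rejects at the closing `}`; if `is_static` is already set on a lease at that point (where it is set is not visible on this page), those rejected leases leak along with their interface name. A comment above the early return stating why static leases are never freed, and confirming that the parser only hands this function leases with `is_static == 0`, would settle it. The rest of the function body is outside the hunk.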
diff --git a/sbin/dhclient/dhclient.leases.5 b/sbin/dhclient/dhclient.leases.5
index b43b8bc7392..6412ae5b727 100644
--- a/sbin/dhclient/dhclient.leases.5
+++ b/sbin/dhclient/dhclient.leases.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: dhclient.leases.5,v 1.10 2017/10/20 13:04:50 krw Exp $
+.\" $OpenBSD: dhclient.leases.5,v 1.11 2017/10/23 13:01:20 krw Exp $
.\"
.\" Copyright (c) 1997 The Internet Software Consortium.
.\" All rights reserved.
@@ -36,7 +36,7 @@
.\" see ``http://www.isc.org/isc''. To learn more about Vixie
.\" Enterprises, see ``http://www.vix.com''.
.\"
-.Dd $Mdocdate: October 20 2017 $
+.Dd $Mdocdate: October 23 2017 $
.Dt DHCLIENT.LEASES 5
.Os
.Sh NAME
@@ -113,6 +113,9 @@ The IPv4 address is specified as a dotted quad (e.g. 12.34.56.78).
.Pp
.It Ic interface Qq Ar string
The interface on which the lease is valid.
+Every lease must contain an
+.Ic interface
+declaration.
.Pp
.It Ic next-server Ar ip-address
The IPv4 address of the boot server.
diff --git a/sbin/dhclient/dhcpd.h b/sbin/dhclient/dhcpd.h
index 6ed5f6d8f46..e15371f2e11 100644
--- a/sbin/dhclient/dhcpd.h
+++ b/sbin/dhclient/dhcpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dhcpd.h,v 1.232 2017/10/14 15:31:46 krw Exp $ */
+/* $OpenBSD: dhcpd.h,v 1.233 2017/10/23 13:01:20 krw Exp $ */
/*
* Copyright (c) 2004 Henning Brauer <henning@openbsd.org>
@@ -56,6 +56,7 @@ struct reject_elem {
struct client_lease {
TAILQ_ENTRY(client_lease) next;
+ char *interface;
time_t expiry, renewal, rebind;
struct in_addr address;
struct in_addr next_server;
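Review bot: The new `interface` member carries an ownership rule that the declaration does not state. The clparse.c hunk replaces it with `free(lease->interface); lease->interface = val;` and free_client_lease() frees it, so it is a heap string owned by the lease and may be NULL when the lease has no `interface` statement. A short comment on the field would make that explicit for later users of the struct, e.g. `char *interface; /* owned, allocated by the parser; NULL if not declared */`. The struct definition continues outside the hunk.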