diff options
| author |   krw <krw@openbsd.org> | 2016-08-05 14:02:23 +0000 |
|---|---|---|
| committer | krw <krw@openbsd.org> | 2016-08-05 14:02:23 +0000 |
| commit | 94bf53e6bc0173179c29ffa553cab2f2f9e0534f (patch) | |
| tree | 526502621bb9d8fada3888d4ce76a8524dba71a3 /usr.sbin | |
| parent | All four arguments can be omitted by specifying a dash. (diff) | |
| download | wireguard-openbsd-94bf53e6bc0173179c29ffa553cab2f2f9e0534f.tar.xz wireguard-openbsd-94bf53e6bc0173179c29ffa553cab2f2f9e0534f.zip | |
Don't leak the option data of non-DHCPINFORM messages received on
the udp socket.
Found by David Carlier.
ok yasuoka@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/dhcpd/dhcp.c | 10 | ||||
| -rw-r--r-- | usr.sbin/dhcpd/dhcpd.h | 4 | ||||
| -rw-r--r-- | usr.sbin/dhcpd/options.c | 11 |
3 files changed, 12 insertions, 13 deletions
diff --git a/usr.sbin/dhcpd/dhcp.c b/usr.sbin/dhcpd/dhcp.c index 18dc8c40a38..2bef0107575 100644 --- a/usr.sbin/dhcpd/dhcp.c +++ b/usr.sbin/dhcpd/dhcp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dhcp.c,v 1.45 2016/02/06 23:50:10 krw Exp $ */ +/* $OpenBSD: dhcp.c,v 1.46 2016/08/05 14:02:23 krw Exp $ */ /* * Copyright (c) 1995, 1996, 1997, 1998, 1999 @@ -62,11 +62,17 @@ int outstanding_pings; static char dhcp_message[256]; void -dhcp(struct packet *packet) +dhcp(struct packet *packet, int is_udpsock) { if (!locate_network(packet) && packet->packet_type != DHCPREQUEST) return; + if (is_udpsock && packet->packet_type != DHCPINFORM) { + note("Unable to handle a DHCP message type=%d on UDP " + "socket", packet->packet_type); + return; + } + switch (packet->packet_type) { case DHCPDISCOVER: dhcpdiscover(packet); diff --git a/usr.sbin/dhcpd/dhcpd.h b/usr.sbin/dhcpd/dhcpd.h index 4cc611d4283..28a53741a9b 100644 --- a/usr.sbin/dhcpd/dhcpd.h +++ b/usr.sbin/dhcpd/dhcpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dhcpd.h,v 1.53 2016/02/06 23:50:10 krw Exp $ */ +/* $OpenBSD: dhcpd.h,v 1.54 2016/08/05 14:02:23 krw Exp $ */ /* * Copyright (c) 1995, 1996, 1997, 1998, 1999 @@ -532,7 +532,7 @@ int tree_evaluate(struct tree_cache *); /* dhcp.c */ extern int outstanding_pings; -void dhcp(struct packet *); +void dhcp(struct packet *, int); void dhcpdiscover(struct packet *); void dhcprequest(struct packet *); void dhcprelease(struct packet *); diff --git a/usr.sbin/dhcpd/options.c b/usr.sbin/dhcpd/options.c index 5ca9a4383fb..ce9c7ff30ba 100644 --- a/usr.sbin/dhcpd/options.c +++ b/usr.sbin/dhcpd/options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: options.c,v 1.30 2016/02/06 23:50:10 krw Exp $ */ +/* $OpenBSD: options.c,v 1.31 2016/08/05 14:02:23 krw Exp $ */ /* DHCP options parsing and reassembly. */ @@ -547,15 +547,8 @@ do_packet(struct interface_info *interface, struct dhcp_packet *packet, tp.options[DHO_DHCP_MESSAGE_TYPE].data) tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0]; - if (interface->is_udpsock) { - if (tp.packet_type != DHCPINFORM) { - note("Unable to handle a DHCP message type=%d on UDP " - "socket", tp.packet_type); - return; - } - } if (tp.packet_type) - dhcp(&tp); + dhcp(&tp, interface->is_udpsock); else bootp(&tp); |