From 7c0b7ae289a0f25853bd4bb660f3dd34b5c1ce88 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 27 Apr 2011 13:56:47 +0200 Subject: [PATCH] dhclient string option checks Merged dhclient pretty escape and string option checks. Use relaxed domain-name option check causing a regression, when the server is misusing it to provide a domain list and does not provide it via the domain-search option; pretty escape semicolon as well (bnc#675052, CVE-2011-0997). Signed-off-by: Marius Tomaschewski --- client/dhclient.c | 8 ++++---- common/options.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/client/dhclient.c b/client/dhclient.c index 970b935..93db494 100644 --- a/client/dhclient.c +++ b/client/dhclient.c @@ -3142,7 +3142,7 @@ void script_write_params (client, prefix, lease) } else { log_error("suspect value in %s " "option - discarded", - lease->filename); + "filename"); } } @@ -3155,7 +3155,7 @@ void script_write_params (client, prefix, lease) } else { log_error("suspect value in %s " "option - discarded", - lease->server_name); + "server-name"); } } @@ -4077,7 +4077,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots) const char *p; /* not empty or complete length not over 255 characters */ - if ((len == 0) || (len > 256)) + if ((len == 0) || (len >= 256)) return(-1); /* consists of [[:alnum:]-]+ labels separated by [.] */ @@ -4140,11 +4140,11 @@ static int check_option_values(struct universe *universe, if ((universe == NULL) || (universe == &dhcp_universe)) { switch(opt) { case DHO_HOST_NAME: - case DHO_DOMAIN_NAME: case DHO_NIS_DOMAIN: case DHO_NETBIOS_SCOPE: return check_domain_name(ptr, len, 0); break; + case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */ case DHO_DOMAIN_SEARCH: return check_domain_name_list(ptr, len, 0); break; diff --git a/common/options.c b/common/options.c index c26f88c..8b4be65 100644 --- a/common/options.c +++ b/common/options.c @@ -3916,7 +3916,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src, } } else if (**src == '"' || **src == '\'' || **src == '$' || **src == '`' || **src == '\\' || **src == '|' || - **src == '&') { + **src == '&' || **src == ';') { if (*dst + 2 > dend) return -1; -- 1.7.3.4