Marius Tomaschewski
db15e53e32
dhclient pretty escape and string option checks. Use a relaxed domain-name option check, because the strict check caused a regression when the server misuses the option to provide a domain list and does not provide it via the domain-search option; pretty escape semicolon as well (bnc#675052, CVE-2011-0997). OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=64
From 7c0b7ae289a0f25853bd4bb660f3dd34b5c1ce88 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Wed, 27 Apr 2011 13:56:47 +0200
Subject: [PATCH] dhclient string option checks
Merged dhclient pretty escape and string option checks.
Use relaxed domain-name option check causing a regression, when the
server is misusing it to provide a domain list and does not provide
it via the domain-search option; pretty escape semicolon as well
(bnc#675052, CVE-2011-0997).
Signed-off-by: Marius Tomaschewski <mt@suse.de>
---
client/dhclient.c | 8 ++++----
common/options.c | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/client/dhclient.c b/client/dhclient.c
index 970b935..93db494 100644
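--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3142,7 +3142,7 @@ void script_write_params (client, prefix, lease)
 } else {
 log_error("suspect value in %s "
 "option - discarded",
- lease->filename);
+ "filename");
 }
 }
 
@@ -3155,7 +3155,7 @@ void script_write_params (client, prefix, lease)
 } else {
 log_error("suspect value in %s "
 "option - discarded",
- lease->server_name);
+ "server-name");
 }
 }
 
@@ -4077,7 +4077,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
 const char *p;
 
 /* not empty or complete length not over 255 characters */
- if ((len == 0) || (len > 256))
+ if ((len == 0) || (len >= 256))
 return(-1);
 
 /* consists of [[:alnum:]-]+ labels separated by [.] */
@@ -4140,11 +4140,11 @@ static int check_option_values(struct universe *universe,
 if ((universe == NULL) || (universe == &dhcp_universe)) {
 switch(opt) {
 case DHO_HOST_NAME:
- case DHO_DOMAIN_NAME:
 case DHO_NIS_DOMAIN:
 case DHO_NETBIOS_SCOPE:
 return check_domain_name(ptr, len, 0);
 break;
+ case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
 case DHO_DOMAIN_SEARCH:
 return check_domain_name_list(ptr, len, 0);
 break;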
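Review bot: The moved `case DHO_DOMAIN_NAME:` label in the last hunk relaxes validation of a server-supplied string, yet its only documentation is a comment with a typo ("compatibiliy") that does not say what is being tolerated or why. I would spell it out, e.g. `case DHO_DOMAIN_NAME: /* some servers send a domain list here instead of using domain-search; validate as a list */`. `check_domain_name_list()` is not visible in this hunk, so it is worth confirming that whatever separator it accepts is safe for every consumer of the domain-name value, which until now could presumably assume a single name. The `break;` after each `return` is unreachable and could be dropped. The body of `check_option_values()` starts and ends outside the hunk.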
diff --git a/common/options.c b/common/options.c
index c26f88c..8b4be65 100644
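--- a/common/options.c
+++ b/common/options.c
@@ -3916,7 +3916,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src,
 }
 } else if (**src == '"' || **src == '\'' || **src == '$' ||
 **src == '`' || **src == '\\' || **src == '|' ||
- **src == '&') {
+ **src == '&' || **src == ';') {
 if (*dst + 2 > dend)
 return -1;
 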
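Review bot: The condition extended with `**src == ';'` is an enumerated list of characters to escape, and nothing at this branch says why these characters were chosen or what consumes the escaped output, so the next omission will be as easy to miss as this one was. A comment above the branch would help, e.g. `/* characters with special meaning to a shell; option values may be handed to the client script */` (that destination is inferred from the commit message and the dhclient.c hunks, it is not visible here). Because this is a deny-list, a regression test that feeds each listed character through `pretty_escape()` and checks the escaped output would catch later edits that drop or miss an entry. The function body starts and ends outside the hunk.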
--
1.7.3.4