Source-Changes-HG archive


[src/roy]: src/external/bsd/dhcpcd/dist Import dhcpcd-7.2.1 with the followin...



details:   https://anonhg.NetBSD.org/src/rev/a243c030c783
branches:  roy
changeset: 450813:a243c030c783
user:      roy <roy%NetBSD.org@localhost>
date:      Fri Apr 26 14:32:27 2019 +0000

description:
Import dhcpcd-7.2.1 with the following changes:
*  auth: Use consttime_memequal to avoid latency attack
*  DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED
*  DHCPv6: Fix a potential buffer overflow reading NA/TA addresses

diffstat:

 external/bsd/dhcpcd/dist/compat/consttime_memequal.h |   28 ++
 external/bsd/dhcpcd/dist/configure                   |   22 +
 external/bsd/dhcpcd/dist/src/auth.c                  |    8 +-
 external/bsd/dhcpcd/dist/src/control.c               |    2 +-
 external/bsd/dhcpcd/dist/src/defs.h                  |    2 +-
 external/bsd/dhcpcd/dist/src/dhcp.c                  |   14 +-
 external/bsd/dhcpcd/dist/src/dhcp6.c                 |    6 +-
 external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in        |    5 +-
 external/bsd/dhcpcd/dist/src/dhcpcd.h                |    2 +
 external/bsd/dhcpcd/dist/src/if-bsd.c                |    8 +-
 external/bsd/dhcpcd/dist/src/if-sun.c                |  264 +++++++++++-------
 external/bsd/dhcpcd/dist/src/ipv4.h                  |    3 +-
 external/bsd/dhcpcd/dist/src/ipv4ll.c                |    8 +-
 external/bsd/dhcpcd/dist/src/ipv6.c                  |    2 +
 external/bsd/dhcpcd/dist/src/ipv6.h                  |   14 +-
 external/bsd/dhcpcd/dist/src/ipv6nd.c                |  181 +++++++++---
 external/bsd/dhcpcd/dist/src/ipv6nd.h                |    3 +
 17 files changed, 402 insertions(+), 170 deletions(-)

diffs (truncated from 1205 to 300 lines):

diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/compat/consttime_memequal.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/dhcpcd/dist/compat/consttime_memequal.h      Fri Apr 26 14:32:27 2019 +0000
@@ -0,0 +1,28 @@
+/*
+ * Written by Matthias Drochner <drochner%NetBSD.org@localhost>.
+ * Public domain.
+ */
+
+#ifndef CONSTTIME_MEMEQUAL_H
+#define CONSTTIME_MEMEQUAL_H
+inline static int
+consttime_memequal(const void *b1, const void *b2, size_t len)
+{
+       const unsigned char *c1 = b1, *c2 = b2;
+       unsigned int res = 0;
+
+       while (len--)
+               res |= *c1++ ^ *c2++;
+
+       /*
+        * Map 0 to 1 and [1, 256) to 0 using only constant-time
+        * arithmetic.
+        *
+        * This is not simply `!res' because although many CPUs support
+        * branchless conditional moves and many compilers will take
+        * advantage of them, certain compilers generate branches on
+        * certain CPUs for `!res'.
+        */
+       return (1 & ((res - 1) >> 8));
+}
+#endif /* CONSTTIME_MEMEQUAL_H */
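Review bot: The new header uses `size_t` in the `consttime_memequal` prototype but includes nothing that declares it, so it only compiles when whatever pulls it in has already included a standard header (configure appends it to the generated `$CONFIG_H`). Adding `#include <stddef.h>` directly after the include guard would make it self-contained. As a smaller style point, `static inline int` is the conventional specifier order rather than `inline static`.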
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/configure
--- a/external/bsd/dhcpcd/dist/configure        Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/configure        Fri Apr 26 14:32:27 2019 +0000
@@ -13,6 +13,7 @@
 INET6=
 ARC4RANDOM=
 CLOSEFROM=
+CONSTTIME_MEMEQUAL=
 STRLCPY=
 UDEV=
 OS=
@@ -846,6 +847,27 @@
        echo "#include                  \"compat/strtoi.h\"" >>$CONFIG_H
 fi
 
+if [ -z "$CONSTTIME_MEMEQUAL" ]; then
+       printf "Testing for consttime_memequal ... "
+       cat <<EOF >_consttime_memequal.c
+#include <string.h>
+int main(void) {
+       return consttime_memequal("deadbeef", "deadbeef", 8);
+}
+EOF
+       if $XCC _consttime_memequal.c -o _consttime_memequal 2>&3; then
+               CONSTTIME_MEMEQUAL=yes
+       else
+               CONSTTIME_MEMEQUAL=no
+       fi
+       echo "$CONSTTIME_MEMEQUAL"
+       rm -f _consttime_memequal.c _consttime_memequal
+fi
+if [ "$CONSTTIME_MEMEQUAL" = no ]; then
+       echo "#include                  \"compat/consttime_memequal.h\"" \
+           >>$CONFIG_H
+fi
+
 if [ -z "$DPRINTF" ]; then
        printf "Testing for dprintf ... "
        cat <<EOF >_dprintf.c
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/src/auth.c
--- a/external/bsd/dhcpcd/dist/src/auth.c       Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/auth.c       Fri Apr 26 14:32:27 2019 +0000
@@ -117,7 +117,11 @@
 
        m = vm;
        data = vdata;
-       /* Ensure that d is inside m which *may* not be the case for DHPCPv4 */
+       /* Ensure that d is inside m which *may* not be the case for DHCPv4.
+        * This can occur if the authentication option is split using
+        * DHCP long option from RFC 3399. Section 9 which does infact note that
+        * implementations should take this into account.
+        * Fixing this would be problematic, patches welcome. */
        if (data < m || data > m + mlen || data + dlen > m + mlen) {
                errno = ERANGE;
                return NULL;
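Review bot: The rewritten comment cites RFC 3399 for DHCP long options, but the DHCPv4 long-option encoding is, as far as I can tell, RFC 3396; the reference should be verified, since this comment is the only pointer a reader has to the split-option case. "infact" should be "in fact", and the sentence would read better as `... split using the DHCP long option encoding (RFC 3396, Section 9), which notes that implementations should take this into account.` It would also help to state what the check below does in that case: it rejects the message with `ERANGE` rather than reassembling the option. The enclosing function starts and ends outside the hunk.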
@@ -354,7 +358,7 @@
        }
 
        free(mm);
-       if (memcmp(d, &hmac_code, dlen)) {
+       if (!consttime_memequal(d, &hmac_code, dlen)) {
                errno = EPERM;
                return NULL;
        }
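Review bot: The constant-time compare still takes its length from `dlen`, and nothing visible in this hunk ties `dlen` to the size of `hmac_code`. With a zero length `consttime_memequal` returns 1, so the check would pass without comparing anything, and with a larger length it would read past `hmac_code`; both were equally true of the `memcmp` it replaces. If the earlier part of the function does not already pin the length, a guard such as `if (dlen != sizeof(hmac_code)) { errno = EPERM; return NULL; }` before the compare would close that. The function body starts and ends outside the hunk, so this may already be handled there.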
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/src/control.c
--- a/external/bsd/dhcpcd/dist/src/control.c    Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/control.c    Fri Apr 26 14:32:27 2019 +0000
@@ -318,7 +318,7 @@
 
        if ((fd = make_sock(&sa, ifname, 0)) != -1) {
                socklen_t len;
-               
+
                len = (socklen_t)SUN_LEN(&sa);
                if (connect(fd, (struct sockaddr *)&sa, len) == -1) {
                        close(fd);
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/src/defs.h
--- a/external/bsd/dhcpcd/dist/src/defs.h       Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/defs.h       Fri Apr 26 14:32:27 2019 +0000
@@ -28,7 +28,7 @@
 #define CONFIG_H
 
 #define PACKAGE                        "dhcpcd"
-#define VERSION                        "7.2.0"
+#define VERSION                        "7.2.1"
 
 #ifndef CONFIG
 # define CONFIG                        SYSCONFDIR "/" PACKAGE ".conf"
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/src/dhcp.c
--- a/external/bsd/dhcpcd/dist/src/dhcp.c       Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp.c       Fri Apr 26 14:32:27 2019 +0000
@@ -215,6 +215,12 @@
                }
                l = *p++;
 
+               /* Check we can read the option data, if present */
+               if (p + l > e) {
+                       errno = EINVAL;
+                       return NULL;
+               }
+
                if (o == DHO_OPTSOVERLOADED) {
                        /* Ensure we only get this option once by setting
                         * the last bit as well as the value.
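Review bot: The added bounds check forms `p + l` before comparing it with `e`; when the length byte runs past the end of the message that pointer lies more than one past the buffer, which is undefined behaviour in C even though it is only compared. Comparing the remaining length avoids this: `if (l > (size_t)(e - p)) {`. That form assumes `p <= e` still holds after `l = *p++`, which depends on the check just above the hunk. The comment could also mention that this check replaces the per-option test removed further down in the same loop, so nobody re-adds it.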
@@ -249,10 +255,6 @@
                                bp += ol;
                        }
                        ol = l;
-                       if (p + ol >= e) {
-                               errno = EINVAL;
-                               return NULL;
-                       }
                        op = p;
                        bl += ol;
                }
@@ -2075,7 +2077,7 @@
            ifp->name, inet_ntoa(astate->addr));
        if (!(ifo->options & DHCPCD_INFORM))
                dhcp_bind(ifp);
-#ifndef IN_IFF_TENTATIVE
+#ifndef IN_IFF_DUPLICATED
        else {
                struct bootp *bootp;
                size_t len;
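Review bot: The guard here now tests `IN_IFF_DUPLICATED`, while the related block in the later hunk at `@@ -2429,7 +2431,7 @@` tests `IN_IFF_NOTUSEABLE`, so two conditional blocks that were both keyed on `IN_IFF_TENTATIVE` now depend on different macros with no comment saying why. Whether a platform can define one without the other depends on how ipv4.h sets these up, which is not shown in this part of the diff. A short comment on each guard naming the kernel capability being tested, e.g. `/* kernel does not report duplicated addresses, so handle it here */` (wording to be confirmed by the author), would make the pairing explicit. Both enclosing functions extend beyond their hunks.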
@@ -2429,7 +2431,7 @@
        if (astate == NULL)
                return -1;
 
-#ifdef IN_IFF_TENTATIVE
+#ifdef IN_IFF_NOTUSEABLE
        if (ia == NULL || ia->addr_flags & IN_IFF_NOTUSEABLE) {
                state->state = DHS_PROBE;
                if (ia == NULL) {
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/src/dhcp6.c
--- a/external/bsd/dhcpcd/dist/src/dhcp6.c      Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp6.c      Fri Apr 26 14:32:27 2019 +0000
@@ -2029,12 +2029,12 @@
                nd = o + ol;
                l -= (size_t)(nd - d);
                d = nd;
-               if (ol < 24) {
+               if (ol < sizeof(ia)) {
                        errno = EINVAL;
                        logerrx("%s: IA Address option truncated", ifp->name);
                        continue;
                }
-               memcpy(&ia, o, ol);
+               memcpy(&ia, o, sizeof(ia));
                ia.pltime = ntohl(ia.pltime);
                ia.vltime = ntohl(ia.vltime);
                /* RFC 3315 22.6 */
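Review bot: Both the truncation test and the copy are now bounded by `sizeof(ia)`, which is only the right bound if the struct has exactly the on-wire layout of the IA Address option body (the literal 24 this hunk removes), with no padding; its definition is outside the hunk. A compile-time size check next to the struct definition would keep that assumption from drifting, or at minimum a comment here such as `/* sizeof(ia) must equal the 24-byte IA Address option body */`. The loop body starts before the hunk, so whether `ol` has already been validated against the remaining length `l` cannot be seen from here and is worth confirming.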
@@ -3035,7 +3035,7 @@
                                 * unless those values in those fields are 0.
                                 */
                                logwarnx("%s: ignoring T1 %"PRIu32
-                                   " to due address expiry",
+                                   " due to address expiry",
                                    ifp->name, state->renew);
                                state->renew = state->rebind = 0;
                        }
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in
--- a/external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in     Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in     Fri Apr 26 14:32:27 2019 +0000
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd September 15, 2018
+.Dd April 24, 2019
 .Dt DHCPCD.CONF 5
 .Os
 .Sh NAME
@@ -376,8 +376,7 @@
 noipv6rs                 # disable routing solicitation
 denyinterfaces eth2      # Don't touch eth2 at all
 interface eth0
-  ipv6rs                 # enable routing solicitation get the
-                         # default IPv6 route
+  ipv6rs                 # enable routing solicitation for eth0
   ia_na 1                # request an IPv6 address
   ia_pd 2 eth1/0         # request a PD and assign it to eth1
   ia_pd 3 eth2/1 eth3/2  # req a PD and assign it to eth2 and eth3
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/src/dhcpcd.h
--- a/external/bsd/dhcpcd/dist/src/dhcpcd.h     Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcpcd.h     Fri Apr 26 14:32:27 2019 +0000
@@ -180,7 +180,9 @@
        uint8_t *secret;
        size_t secret_len;
 
+#ifndef __sun
        int nd_fd;
+#endif
        struct ra_head *ra_routers;
 
        int dhcp6_fd;
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/src/if-bsd.c
--- a/external/bsd/dhcpcd/dist/src/if-bsd.c     Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/if-bsd.c     Fri Apr 26 14:32:27 2019 +0000
@@ -943,10 +943,15 @@
        priv = (struct priv *)ia->iface->ctx->priv;
        if (ioctl(priv->pf_inet6_fd, SIOCGIFALIFETIME_IN6, &ifr6) == -1)
                return -1;
+       clock_gettime(CLOCK_MONOTONIC, &ia->created);
 
+#if defined(__FreeBSD__) || defined(__DragonFly__)
+       t = ia->created.tv_sec;
+#else
        t = time(NULL);
+#endif
+
        lifetime = &ifr6.ifr_ifru.ifru_lifetime;
-
        if (lifetime->ia6t_preferred)
                ia->prefix_pltime = (uint32_t)(lifetime->ia6t_preferred -
                    MIN(t, lifetime->ia6t_preferred));
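Review bot: The new `#if defined(__FreeBSD__) || defined(__DragonFly__)` branch has no comment explaining why those two systems take `t` from the monotonic clock while the others keep `time(NULL)`. Presumably their kernels report `ia6t_expire` and `ia6t_preferred` against the monotonic clock; saying so, e.g. `/* FreeBSD and DragonFly report address lifetimes in monotonic time */` (to be confirmed), would stop a later reader from "fixing" it. The return value of `clock_gettime` is also ignored, so on failure `ia->created` keeps whatever it held before and is then used both for `t` and for the later `tv_sec` adjustment. The function starts before the hunk and continues after it.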
@@ -956,7 +961,6 @@
                ia->prefix_vltime = (uint32_t)(lifetime->ia6t_expire -
                    MIN(t, lifetime->ia6t_expire));
                /* Calculate the created time */
-               clock_gettime(CLOCK_MONOTONIC, &ia->created);
                ia->created.tv_sec -= lifetime->ia6t_vltime - ia->prefix_vltime;
        } else
                ia->prefix_vltime = ND6_INFINITE_LIFETIME;
diff -r de341945ddb1 -r a243c030c783 external/bsd/dhcpcd/dist/src/if-sun.c
--- a/external/bsd/dhcpcd/dist/src/if-sun.c     Wed Apr 17 23:33:08 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/if-sun.c     Fri Apr 26 14:32:27 2019 +0000
@@ -74,9 +74,9 @@
 #endif
 
 #ifndef RT_ROUNDUP
-#define RT_ROUNDUP(a)                                                        \
-       ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
-#define RT_ADVANCE(x, n) (x += RT_ROUNDUP(salen(n)))
+#define RT_ROUNDUP(a)                                                        \
+       ((a) > 0 ? (1 + (((a) - 1) | (sizeof(int32_t) - 1))) : sizeof(int32_t))
+#define RT_ADVANCE(x, n) ((x) += RT_ROUNDUP(salen((n))))
 #endif
 
 #define COPYOUT(sin, sa) do {                                                \
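Review bot: `RT_ROUNDUP` now aligns to `sizeof(int32_t)` instead of `sizeof(long)`, which changes the stride on LP64 builds from 8 to 4 bytes, and nothing in the hunk records why. A comment above the macro, e.g. `/* Solaris pads routing socket addresses to 32 bits, not to sizeof(long) */` (to be confirmed by the author), would document it. Separately, `RT_ROUNDUP` expands its argument twice, so `RT_ADVANCE` can call `salen(n)` more than once per step; a `static inline` helper taking a `size_t` would avoid the repeated evaluation and the mixed signed/unsigned arithmetic.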
@@ -268,6 +268,7 @@
 if_newaddr(const char *ifname, void *arg)
 {
        struct linkwalk         *lw = arg;
+       int error;
        struct ifaddrs          *ifa;
        dlpi_handle_t           dh;
        dlpi_info_t             dlinfo;
@@ -276,7 +277,10 @@
        struct sockaddr_dl      *sdl;
 
        ifa = NULL;
-       if (dlpi_open(ifname, &dh, 0) != DLPI_SUCCESS)
+       error = dlpi_open(ifname, &dh, 0);
+       if (error == DLPI_ENOLINK) /* Just vanished or in global zone */
+               return B_FALSE;
+       if (error != DLPI_SUCCESS)
                goto failed1;
        if (dlpi_info(dh, &dlinfo, 0) != DLPI_SUCCESS)
                goto failed;
@@ -317,7 +321,7 @@
        ifa->ifa_next = lw->lw_ifa;
        lw->lw_ifa = ifa;
        dlpi_close(dh);
-       return (B_FALSE);
+       return B_FALSE;
 
 failed:
        dlpi_close(dh);


