
[src/roy]: src/external/bsd/dhcpcd/dist/src Import dhcpcd-8.0.5 with the foll...



details:   https://anonhg.NetBSD.org/src/rev/558c8df5946f
branches:  roy
changeset: 454293:558c8df5946f
user:      roy <roy%NetBSD.org@localhost>
date:      Fri Sep 13 10:58:31 2019 +0000

description:
Import dhcpcd-8.0.5 with the following changes:
  *  inet6: Fix default route not being installed
  *  DHCP: If root fs is network mounted, enable last lease extend
  *  man: Fix lint errors.
  *  DHCP: Give a better message when packet validation fails
  *  DHCP: Ensure we have enough data to checksum IP and UDP

The last change fixes a potential DoS attack introduced in dhcpcd-8.0.3 when
the checksumming code was changed to accommodate variable length IP headers.

diffstat:

 external/bsd/dhcpcd/dist/src/common.c          |   33 +-
 external/bsd/dhcpcd/dist/src/common.h          |    1 +
 external/bsd/dhcpcd/dist/src/defs.h            |    2 +-
 external/bsd/dhcpcd/dist/src/dhcp.c            |   29 +-
 external/bsd/dhcpcd/dist/src/dhcpcd-embedded.c |  407 +++++++++++++++++++++++++
 external/bsd/dhcpcd/dist/src/dhcpcd-embedded.h |   32 +
 external/bsd/dhcpcd/dist/src/dhcpcd.c          |    6 +
 external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in  |    6 +-
 external/bsd/dhcpcd/dist/src/if-bsd.c          |    6 +
 external/bsd/dhcpcd/dist/src/ipv6.c            |   39 +-
 external/bsd/dhcpcd/dist/src/ipv6.h            |    2 +-
 external/bsd/dhcpcd/dist/src/ipv6nd.c          |    2 +-
 12 files changed, 512 insertions(+), 53 deletions(-)

diffs (truncated from 752 to 300 lines):

diff -r d65d9ad79e01 -r 558c8df5946f external/bsd/dhcpcd/dist/src/common.c
--- a/external/bsd/dhcpcd/dist/src/common.c     Sun Sep 08 20:46:17 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/common.c     Fri Sep 13 10:58:31 2019 +0000
@@ -26,28 +26,12 @@
  * SUCH DAMAGE.
  */
 
-#include <sys/param.h>
-#include <sys/time.h>
-#ifdef __sun
-#include <sys/sysmacros.h>
-#endif
+#include <sys/statvfs.h>
 
-#include <assert.h>
 #include <ctype.h>
-#include <err.h>
 #include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#ifdef BSD
-#  include <paths.h>
-#endif
-#include <stdarg.h>
-#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
 
 #include "common.h"
 #include "dhcpcd.h"
@@ -153,3 +137,18 @@
        fclose(fp);
        return len;
 }
+
+int
+is_root_local(void)
+{
+#ifdef ST_LOCAL
+       struct statvfs vfs;
+
+       if (statvfs("/", &vfs) == -1)
+               return -1;
+       return vfs.f_flag & ST_LOCAL ? 1 : 0;
+#else
+       errno = ENOTSUP;
+       return -1;
+#endif
+}
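Review bot: is_root_local() is added without a comment describing its three-way result, and the prototype added to common.h has none either. From the body it returns 1 when statvfs("/") reports ST_LOCAL, 0 when it does not, and -1 on failure, including the build-time case where ST_LOCAL is undefined and errno is set to ENOTSUP. A caller that tests the result as a plain boolean would treat -1 as "local", so the contract is worth stating above the definition: `/* Returns 1 if / is on a local filesystem, 0 if it is not, -1 on error with errno set (ENOTSUP when ST_LOCAL is unavailable). */`.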
diff -r d65d9ad79e01 -r 558c8df5946f external/bsd/dhcpcd/dist/src/common.h
--- a/external/bsd/dhcpcd/dist/src/common.h     Sun Sep 08 20:46:17 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/common.h     Fri Sep 13 10:58:31 2019 +0000
@@ -197,4 +197,5 @@
 const char *hwaddr_ntoa(const void *, size_t, char *, size_t);
 size_t hwaddr_aton(uint8_t *, const char *);
 size_t read_hwaddr_aton(uint8_t **, const char *);
+int is_root_local(void);
 #endif
diff -r d65d9ad79e01 -r 558c8df5946f external/bsd/dhcpcd/dist/src/defs.h
--- a/external/bsd/dhcpcd/dist/src/defs.h       Sun Sep 08 20:46:17 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/defs.h       Fri Sep 13 10:58:31 2019 +0000
@@ -29,7 +29,7 @@
 #define CONFIG_H
 
 #define PACKAGE                        "dhcpcd"
-#define VERSION                        "8.0.4"
+#define VERSION                        "8.0.5"
 
 #ifndef CONFIG
 # define CONFIG                        SYSCONFDIR "/" PACKAGE ".conf"
diff -r d65d9ad79e01 -r 558c8df5946f external/bsd/dhcpcd/dist/src/dhcp.c
--- a/external/bsd/dhcpcd/dist/src/dhcp.c       Sun Sep 08 20:46:17 2019 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp.c       Fri Sep 13 10:58:31 2019 +0000
@@ -3250,7 +3250,7 @@
                .ip_dst = ip->ip_dst
        };
        size_t ip_hlen;
-       uint16_t ip_len, uh_sum;
+       uint16_t ip_len, udp_len, uh_sum;
        struct udphdr *udp;
        uint32_t csum;
 
@@ -3276,27 +3276,31 @@
                errno = ERANGE;
                return -1;
        }
-       /* Check we don't go beyond the payload */
+       /* Check IP doesn't go beyond the payload */
        if (ip_len > plen) {
                errno = ENOBUFS;
                return -1;
        }
 
-       if (flags & BPF_PARTIALCSUM)
+       /* Check UDP doesn't go beyond the payload */
+       udp = (struct udphdr *)(void *)((char *)ip + ip_hlen);
+       udp_len = ntohs(udp->uh_ulen);
+       if (udp_len > plen - ip_hlen) {
+               errno =  ENOBUFS;
+               return -1;
+       }
+
+       if (udp->uh_sum == 0 || flags & BPF_PARTIALCSUM)
                return 0;
 
        /* UDP checksum is based on a pseudo IP header alongside
         * the UDP header and payload. */
-       udp = (struct udphdr *)(void *)((char *)ip + ip_hlen);
-       if (udp->uh_sum == 0)
-               return 0;
-
        uh_sum = udp->uh_sum;
        udp->uh_sum = 0;
        pseudo_ip.ip_len = udp->uh_ulen;
        csum = 0;
        in_cksum(&pseudo_ip, sizeof(pseudo_ip), &csum);
-       csum = in_cksum(udp, ntohs(udp->uh_ulen), &csum);
+       csum = in_cksum(udp, udp_len, &csum);
        if (csum != uh_sum) {
                errno = EINVAL;
                return -1;
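Review bot: The new bound on `udp_len` has no lower limit and is measured against the captured length rather than the IP datagram. A `uh_ulen` smaller than `sizeof(*udp)` passes the check, and a value larger than `ip_len - ip_hlen` passes whenever the buffer holds trailing bytes, so the checksum can run over data the IP header does not claim. Consider `if (udp_len < sizeof(*udp) || udp_len > ip_len - ip_hlen) {`, which is at least as strict as the current test because `ip_len > plen` is already rejected just above. Both subtractions rely on the earlier ERANGE check, of which only the tail is visible here, guaranteeing that `ip_len` exceeds `ip_hlen`; if it does not, `plen - ip_hlen` can wrap and the guard admits any length. The function begins and ends outside this hunk.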
@@ -3338,12 +3342,13 @@
        const struct dhcp_state *state = D_CSTATE(ifp);
 
        if (valid_udp_packet(data, len, &from, state->bpf_flags) == -1) {
+               const char *errstr;
+
                if (errno == EINVAL)
-                       logerrx("%s: checksum failure from %s",
-                         ifp->name, inet_ntoa(from));
+                       errstr = "checksum failure";
                else
-                       logerr("%s: invalid UDP packet from %s",
-                         ifp->name, inet_ntoa(from));
+                       errstr = "invalid UDP packet";
+               logerrx("%s: %s from %s", errstr, ifp->name, inet_ntoa(from));
                return;
        }
 
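Review bot: The arguments to the consolidated `logerrx` call are in the wrong order for its format string: `errstr` fills the first `%s` and `ifp->name` the second, so the line reads "checksum failure: <ifname> from <addr>" where the removed calls printed the interface name first. Swap them: `logerrx("%s: %s from %s", ifp->name, errstr, inet_ntoa(from));`. The non-EINVAL branch also moved from `logerr` to `logerrx`; if `logerr` appends the errno text as its name suggests, the log no longer distinguishes ENOBUFS from ERANGE rejections, which is useful when triaging malformed-packet floods. Using `logerr` for that branch, or including `strerror(errno)` in the message, would keep it.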
diff -r d65d9ad79e01 -r 558c8df5946f external/bsd/dhcpcd/dist/src/dhcpcd-embedded.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcpcd-embedded.c    Fri Sep 13 10:58:31 2019 +0000
@@ -0,0 +1,407 @@
+/*
+ * DO NOT EDIT!
+ * Automatically generated from dhcpcd-embedded.conf
+ * Ths allows us to simply generate DHCP structure without any C programming.
+ */
+
+/*
+ * dhcpcd - DHCP client daemon
+ * Copyright (c) 2006-2019 Roy Marples <roy%marples.name@localhost>
+ * All rights reserved
+
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <unistd.h>
+
+const char * const dhcpcd_embedded_conf[] = {
+"define 1 request ipaddress subnet_mask",
+"define 121 rfc3442 classless_static_routes",
+"define 249 rfc3442 ms_classless_static_routes",
+"define 33 request array ipaddress static_routes",
+"define 3 request array ipaddress routers",
+"define 2 uint32 time_offset",
+"define 4 array ipaddress time_servers",
+"define 5 array ipaddress ien116_name_servers",
+"define 6 array ipaddress domain_name_servers",
+"define 7 array ipaddress log_servers",
+"define 8 array ipaddress cookie_servers",
+"define 9 array ipaddress lpr_servers",
+"define 10 array ipaddress impress_servers",
+"define 11 array ipaddress resource_location_servers",
+"define 12 dname host_name",
+"define 13 uint16 boot_size",
+"define 14 string merit_dump",
+"define 15 array dname domain_name",
+"define 16 ipaddress swap_server",
+"define 17 string root_path",
+"define 18 string extensions_path",
+"define 19 byte ip_forwarding",
+"define 20 byte non_local_source_routing",
+"define 21 array ipaddress policy_filter",
+"define 22 uint16 max_dgram_reassembly",
+"define 23 byte default_ip_ttl",
+"define 24 uint32 path_mtu_aging_timeout",
+"define 25 array uint16 path_mtu_plateau_table",
+"define 26 uint16 interface_mtu",
+"define 27 byte all_subnets_local",
+"define 28 request ipaddress broadcast_address",
+"define 29 byte perform_mask_discovery",
+"define 30 byte mask_supplier",
+"define 31 byte router_discovery",
+"define 32 ipaddress router_solicitation_address",
+"define 34 byte trailer_encapsulation",
+"define 35 uint32 arp_cache_timeout",
+"define 36 uint16 ieee802_3_encapsulation",
+"define 37 byte default_tcp_ttl",
+"define 38 uint32 tcp_keepalive_interval",
+"define 39 byte tcp_keepalive_garbage",
+"define 40 string nis_domain",
+"define 41 array ipaddress nis_servers",
+"define 42 array ipaddress ntp_servers",
+"define 43 binhex vendor_encapsulated_options",
+"define 44 array ipaddress netbios_name_servers",
+"define 45 ipaddress netbios_dd_server",
+"define 46 byte netbios_node_type",
+"define 47 string netbios_scope",
+"define 48 array ipaddress font_servers",
+"define 49 array ipaddress x_display_manager",
+"define 50 ipaddress dhcp_requested_address",
+"define 51 request uint32 dhcp_lease_time",
+"define 52 byte dhcp_option_overload",
+"define 53 byte dhcp_message_type",
+"define 54 ipaddress dhcp_server_identifier",
+"define 55 array byte dhcp_parameter_request_list",
+"define 56 string dhcp_message",
+"define 57 uint16 dhcp_max_message_size",
+"define 58 request uint32 dhcp_renewal_time",
+"define 59 request uint32 dhcp_rebinding_time",
+"define 60 string vendor_class_identifier",
+"define 61 binhex dhcp_client_identifier",
+"define 64 string nisplus_domain",
+"define 65 array ipaddress nisplus_servers",
+"define 66 dname tftp_server_name",
+"define 67 string bootfile_name",
+"define 68 array ipaddress mobile_ip_home_agent",
+"define 69 array ipaddress smtp_server",
+"define 70 array ipaddress pop_server",
+"define 71 array ipaddress nntp_server",
+"define 72 array ipaddress www_server",
+"define 73 array ipaddress finger_server",
+"define 74 array ipaddress irc_server",
+"define 75 array ipaddress streettalk_server",
+"define 76 array ipaddress streettalk_directory_assistance_server",
+"define 77 binhex user_class",
+"define 78 embed slp_agent",
+"embed byte mandatory",
+"embed array ipaddress address",
+"define 79 embed slp_service",
+"embed byte mandatory",
+"embed ascii scope_list",
+"define 80 norequest flag rapid_commit",
+"define 81 embed fqdn",
+"embed bitflags=0000NEOS flags",
+"embed byte rcode1",
+"embed byte rcode2",
+"embed optional domain fqdn",
+"define 83 embed isns",
+"embed byte reserved1",
+"embed bitflags=00000SAE functions",
+"embed byte reserved2",
+"embed bitflags=00fFsSCE dd",
+"embed byte reserved3",
+"embed bitflags=0000DMHE admin",
+"embed uint16 reserved4",
+"embed byte reserved5",
+"embed bitflags=0TXPAMSE server_security",
+"embed array ipaddress servers",
+"define 85 array ipaddress nds_servers",
+"define 86 raw nds_tree_name",
+"define 87 raw nds_context",
+"define 88 array domain bcms_controller_names",
+"define 89 array ipaddress bcms_controller_address",
+"define 90 embed auth",
+"embed byte protocol",
+"embed byte algorithm",
+"embed byte rdm",
+"embed binhex:8 replay",
+"embed binhex information",
+"define 91 uint32 client_last_transaction_time",
+"define 92 array ipaddress associated_ip",
+"define 98 string uap_servers",
+"define 99 encap geoconf_civic",
+"embed byte what",
+"embed uint16 country_code",
+"define 100 string posix_timezone",


