summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Sync style with the existing _packed & _unused macrosVladislav Grishenko2016-01-312-2/+2
|
* Use more conventional way for the alignmentVladislav Grishenko2016-01-312-5/+10
|
* Merge pull request #44 from bwhacks/alignment-fixesSteven Barth2016-01-315-19/+44
|\ | | | | Alignment fixes
| * Fix alignment of hash buffer in dhcpv6_response_is_validBen Hutchings2016-01-281-1/+2
| | | | | | | | | | | | | | md5_final() writes to the hash buffer in 32-bit chunks, so it needs to be 32-bit aligned. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
| * Fix unaligned 32-bit reads from DHCP packetsBen Hutchings2016-01-281-5/+13
| | | | | | | | Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
| * Fix alignment of buffers in ra_process and dhcpv6_requestBen Hutchings2016-01-283-2/+6
| | | | | | | | | | | | | | | | | | | | The packet buffer needs to be 32-bit aligned to ensure that the various 32-bit fields we pick out are naturally aligned. The control message buffers needs to be naturally aligned for struct cmsghdr. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
| * Add padding between odhcp6c_entry structures to ensure 32-bit alignmentBen Hutchings2016-01-284-11/+23
| | | | | | | | | | | | | | struct odhcp6c_entry is not declared as __packed, so the compiler may assume it is naturally aligned. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* | Merge pull request #43 from bwhacks/security-fixesSteven Barth2016-01-292-5/+5
|\ \ | |/ |/| Security/regression fixes
| * Fix end pointer passed from dhcpv6_handle_reply() to dhcpv6_parse_ia()Ben Hutchings2016-01-281-1/+1
| | | | | | | | | | | | The end of the IA option is odata + olen; there's no need to add anything. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
| * Fix regression in entry_to_env()Ben Hutchings2016-01-281-4/+4
| | | | | | | | | | | | | | I broke entry_to_env() by incrementing the wrong variable in commit a6bbd1d7f5c2 ("Fix potential buffer overflow in entry_to_env"). Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* | Fix iteration after expiring a list entryBen Hutchings2016-01-281-2/+6
| | | | | | | | | | | | | | | | | | | | After removing an entry, the next entry will be at the same offset as the entry we just removed. Also the total length will have changed. Update the length when we remove an entry, and advance the offset only when we don't. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* | Fix script environment variable setting for empty listsBen Hutchings2016-01-281-4/+12
|/ | | | | | | | | | When setting an environment variable as a space-separated list, and the list is empty, we must not delete the '=' before the value. In practice putenv() is likely to discard the invalid string, leaving the variable unset, but this is not guaranteed. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* Add missing option length checks in dhcpv6_handle_advertBen Hutchings2016-01-281-2/+4
| | | | | | | These might be redundant with checks elsewhere but it's better to be safe. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* Fix potential log forgery via status stringBen Hutchings2016-01-281-6/+13
| | | | | | | | | We should not include any control characters from the server status message when logging it; in particular if we include '\n' this could result in additional arbitrary log lines. In dhcpv6_log_status_code, replace all control characters with '?'. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* Check for unsupported PD exclusion configuration in dhcpv6_parse_iaBen Hutchings2016-01-281-1/+1
| | | | | | | | | | | | We currently only support PD exclusions that only affect bits 64-95 of the address, so we require: 32 <= PD prefix length < exclusion prefix length <= 64 The first inequality was not validated, and this could result in a buffer overflow when generating the next request message. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* Fix memory leak in dhcpv6_add_server_cand in case odhcp6c_insert_state failsBen Hutchings2016-01-281-1/+5
| | | | | | | | If we fail to store information from the new server, the associated NA and PD options will never be freed. An attacker could use this for denial-of-service. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* Change odhcp6c_insert_state to return a success/failure indicatorBen Hutchings2016-01-282-3/+5
| | | | | | Some callers will need to free resources on failure. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* Fix possible stack buffer overflow in s46_to_env when copying IPv6 prefixesBen Hutchings2016-01-281-3/+6
| | | | | | | An 8-bit prefix-length field can be as large as 255, but values larger than 128 will result in a buffer overflow when copying to in6. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* Fix off-by-one in buffer length in int_to_envBen Hutchings2016-01-281-1/+1
| | | | | | | We need to allow for '=', negative sign, 10 digits and the null terminator, adding up to 13 bytes not 12. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* Fix potential buffer overflow in entry_to_envBen Hutchings2016-01-281-9/+18
| | | | | | | | | | | | | | | It appears that an entry of type ENTRY_PREFIX with iaid != 1 and an exclusion can expand to a string of length up to 154 bytes, whereas we allocate only 144 bytes per entry. Also, in case of truncation, snprintf() returns the length of the un-truncated output so we must not use this to increment buf_len. Finally some of the lengths given to snprintf() are unnecessarily generous. Reduce them so we don't have to increase the allocated length per entry further. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* Avoid copying buffer after dn_expand() failsBen Hutchings2016-01-281-3/+4
| | | | | | | If dn_expand() returns an error we could copy from an uninitialised output buffer or append the previous domain name again. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
* script: Launch script with correct action if last script call is terminatedHans Dedecker2016-01-261-1/+3
| | | | | | | | | Actions launched as resume will be used in a next script_call if the new action is not marked as resume even when the previous script run was already terminated. This behavior is particular visible when a RA is received as the script will run with action bound and not ra-updated resulting into a wan6 interface down/up transition
* odhcp6c: sync and accumulate RA & DHCPv6 events correctlySteven Barth2015-07-273-54/+93
|
* Merge branch 'upstream'Vladislav Grishenko2015-07-131-12/+0
|\
| * dhcpv6: remove dead codeSteven Barth2015-07-131-12/+0
| |
* | Avoid solicit for zero-length prefixVladislav Grishenko2015-07-121-4/+8
|/
* dhcpv6: clear CUSTOM_OPTS in a more sane mannerSteven Barth2015-06-092-3/+1
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* Fix LW4over6 parameter handlingSteven Barth2015-05-161-4/+6
|
* Avoid of waiting for Advertise in stateless-only modeVladislav Grishenko2015-04-253-8/+23
| | | | | | | Start with Information-request when configured not to ask IA_NA/IA_PD. It allows to complete the exchange using only two messages, instead of four, and fixes infinite Advertise waiting loop with servers that just ignore Solicit messages.
* Fixup INF_MAX_RT for RFC 3315 as wellSteven Barth2015-04-201-1/+1
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* Fix SOL_MAX_RT default value to match RFC 3315Steven Barth2015-04-202-2/+2
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* ra: avoid saving an empty search domain entrySteven Barth2015-04-151-7/+10
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* scan-code fixesSteven Barth2015-04-143-133/+132
|
* Improve handling of DNS search domainsSteven Barth2015-04-135-64/+120
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* Fix odhcp6c_find_entrySteven Barth2015-04-122-3/+2
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* Remove obsolete prefix class supportSteven Barth2015-04-125-34/+4
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* Sanitize RA values lessSteven Barth2015-04-101-1/+1
|
* Pass ICMP configuration to user-space instead of directly applying itSteven Barth2015-04-103-25/+55
|
* script: don't resolve AFTR since DNS won't be applied yet anywaySteven Barth2015-04-091-25/+0
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* properly handle return codesJohn Crispin2015-03-303-6/+8
| | | | Signed-off-by: John Crispin <blogic@openwrt.org>
* ra: use proper struct msghdr initializer to fix build error on muslFelix Fietkau2015-03-291-2/+9
| | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* make route metric more compatible with linux defaultsSteven Barth2015-03-251-2/+2
|
* Get rid of getifaddrs for interface ID detectionSteven Barth2015-03-111-26/+9
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* Fix handling of DHCPv6 replies containing unrequested IA_NA/IA_PD optionsVladislav Grishenko2015-02-171-0/+4
|
* set default information refresh time to 86400 as per RFC 4242v1.1Steven Barth2015-01-131-1/+1
|
* Minor help string clarification for client-IDJan Janak2014-12-311-1/+1
| | | | | Document that the value of -c must be a 16-bit type (network byte order) followed by a client-ID value. For example, to use a UUID based client-ID (type 4, RFC 6355) one could use the following cmdline option: -c0004<128_bit_uuid_in_hex>
* Avoid sending empty DHCPv6 release messagesSteven Barth2014-12-101-0/+2
|
* Don't apply excess filter to DHCPv6 and unify odhcp6c_update_entrySteven Barth2014-12-104-17/+12
|
* More compatibility with non RFC-compliant serversSteven Barth2014-11-301-2/+13
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* Cleanup pidfile-gernerationSteven Barth2014-11-281-10/+6
|
View Lorry Controller Status