diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-01-12 22:38:29 +0900 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-01-13 00:07:33 +0900 |
| commit | 019951ec97a98775063271e5f36096ac3ba0b510 (patch) | |
| tree | b211d453aa84653c06d738e8222b2ee7c13496cc /src | |
| parent | 361eb4125d2d7679c71fba157d70d75221970715 (diff) | |
| download | systemd-019951ec97a98775063271e5f36096ac3ba0b510.tar.gz | |
dhcp6: refuse zero length vendor class
Also, fixes the maximum length of the vendor class to UINT16_MAX.
Moreover, a memory leak in sd_dhcp6_client_set_request_vendor_class().
Diffstat (limited to 'src')
| -rw-r--r-- | src/libsystemd-network/dhcp6-internal.h | 2 | ||||
| -rw-r--r-- | src/libsystemd-network/dhcp6-option.c | 9 | ||||
| -rw-r--r-- | src/libsystemd-network/sd-dhcp6-client.c | 21 | ||||
| -rw-r--r-- | src/systemd/sd-dhcp6-client.h | 2 |
4 files changed, 19 insertions, 15 deletions
diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h index d02186a4b2..9a32b007fc 100644 --- a/src/libsystemd-network/dhcp6-internal.h +++ b/src/libsystemd-network/dhcp6-internal.h @@ -100,7 +100,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, const DHCP6IA *ia); int dhcp6_option_append_pd(uint8_t *buf, size_t len, const DHCP6IA *pd, DHCP6Address *hint_pd_prefix); int dhcp6_option_append_fqdn(uint8_t **buf, size_t *buflen, const char *fqdn); int dhcp6_option_append_user_class(uint8_t **buf, size_t *buflen, char * const *user_class); -int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char **user_class); +int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const *user_class); int dhcp6_option_append_vendor_option(uint8_t **buf, size_t *buflen, OrderedHashmap *vendor_options); int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, size_t *optlen, uint8_t **optvalue); diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c index 8151e66bca..9f47c1bbe4 100644 --- a/src/libsystemd-network/dhcp6-option.c +++ b/src/libsystemd-network/dhcp6-option.c @@ -232,16 +232,16 @@ int dhcp6_option_append_user_class(uint8_t **buf, size_t *buflen, char * const * return dhcp6_option_append(buf, buflen, SD_DHCP6_OPTION_USER_CLASS, total, p); } -int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char **vendor_class) { +int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const *vendor_class) { _cleanup_free_ uint8_t *p = NULL; uint32_t enterprise_identifier; size_t total, offset; - char **s; + char * const *s; assert(buf); assert(*buf); assert(buflen); - assert(vendor_class); + assert(!strv_isempty(vendor_class)); enterprise_identifier = htobe32(SYSTEMD_PEN); @@ -256,6 +256,9 @@ int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char **vendo size_t len = strlen(*s); uint8_t *q; + if (len > UINT16_MAX || len == 0) + return -EINVAL; + q = realloc(p, total + len + 2); if (!q) return -ENOMEM; diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c index 687661cd5e..788f2e1d42 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -485,25 +485,26 @@ int sd_dhcp6_client_set_request_user_class(sd_dhcp6_client *client, char * const return strv_free_and_replace(client->user_class, s); } -int sd_dhcp6_client_set_request_vendor_class(sd_dhcp6_client *client, char **vendor_class) { - _cleanup_strv_free_ char **s = NULL; - char **p; +int sd_dhcp6_client_set_request_vendor_class(sd_dhcp6_client *client, char * const *vendor_class) { + char * const *p; + char **s; assert_return(client, -EINVAL); assert_return(client->state == DHCP6_STATE_STOPPED, -EBUSY); - assert_return(vendor_class, -EINVAL); + assert_return(!strv_isempty(vendor_class), -EINVAL); - STRV_FOREACH(p, vendor_class) - if (strlen(*p) > UINT8_MAX) - return -ENAMETOOLONG; + STRV_FOREACH(p, vendor_class) { + size_t len = strlen(*p); + + if (len > UINT16_MAX || len == 0) + return -EINVAL; + } s = strv_copy(vendor_class); if (!s) return -ENOMEM; - client->vendor_class = TAKE_PTR(s); - - return 0; + return strv_free_and_replace(client->vendor_class, s); } int sd_dhcp6_client_get_prefix_delegation(sd_dhcp6_client *client, int *delegation) { diff --git a/src/systemd/sd-dhcp6-client.h b/src/systemd/sd-dhcp6-client.h index 492e281f8b..84e3170130 100644 --- a/src/systemd/sd-dhcp6-client.h +++ b/src/systemd/sd-dhcp6-client.h @@ -136,7 +136,7 @@ int sd_dhcp6_client_set_request_user_class( char * const *user_class); int sd_dhcp6_client_set_request_vendor_class( sd_dhcp6_client *client, - char** vendor_class); + char * const *vendor_class); int sd_dhcp6_client_set_prefix_delegation_hint( sd_dhcp6_client *client, uint8_t prefixlen, |