dhclient - Add some more paranoia and make code clearer.
[dragonfly.git] / sbin / dhclient / options.c
CommitLineData
685fcbc8 1/* $OpenBSD: src/sbin/dhclient/options.c,v 1.41 2012/06/26 14:46:42 krw Exp $ */
846204b6
HT
2
3/* DHCP options parsing and reassembly. */
4
5/*
6 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of The Internet Software Consortium nor the names
19 * of its contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * This software has been written for the Internet Software Consortium
37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
38 * Enterprises. To learn more about the Internet Software Consortium,
39 * see ``http://www.vix.com/isc''. To learn more about Vixie
40 * Enterprises, see ``http://www.vix.com''.
41 */
42
43#include <ctype.h>
44
45#include "dhcpd.h"
46
47int parse_option_buffer(struct option_data *, unsigned char *, int);
48
49/*
50 * Parse options out of the specified buffer, storing addresses of
51 * option values in options and setting client->options_valid if
52 * no errors are encountered.
53 */
54int
55parse_option_buffer(struct option_data *options, unsigned char *buffer,
56 int length)
57{
58 unsigned char *s, *t, *end = buffer + length;
59 int len, code;
60
61 for (s = buffer; *s != DHO_END && s < end; ) {
62 code = s[0];
63
64 /* Pad options don't have a length - just skip them. */
65 if (code == DHO_PAD) {
66 s++;
67 continue;
68 }
69
70 /*
685fcbc8
AHJ
71 * All options other than DHO_PAD and DHO_END have a one-byte
72 * length field. It could be 0! Make sure that the length byte
73 * is present, and all the data is available.
846204b6 74 */
685fcbc8 75 if (s + 1 < end) {
846204b6 76 len = s[1];
685fcbc8
AHJ
77 if (s + 1 + len < end) {
78 ; /* option data is all there. */
79 } else {
80 warning("option %s (%d) larger than buffer.",
81 dhcp_options[code].name, len);
82 warning("rejecting bogus offer.");
83 return (0);
84 }
85 } else {
86 warning("option %s has no length field.",
87 dhcp_options[code].name);
846204b6
HT
88 warning("rejecting bogus offer.");
89 return (0);
90 }
f568cd1e
AHJ
91
92 /*
93 * Strip trailing NULs from ascii ('t') options. They
94 * will be treated as DHO_PAD options. i.e. ignored. RFC 2132
95 * says "Options containing NVT ASCII data SHOULD NOT include
96 * a trailing NULL; however, the receiver of such options
97 * MUST be prepared to delete trailing nulls if they exist."
98 */
99 if (dhcp_options[code].format[0] == 't') {
685fcbc8
AHJ
100 while (len > 0 && s[len + 1] == '\0')
101 len--;
f568cd1e
AHJ
102 }
103
846204b6
HT
104 /*
105 * If we haven't seen this option before, just make
106 * space for it and copy it there.
107 */
108 if (!options[code].data) {
109 if (!(t = calloc(1, len + 1)))
110 error("Can't allocate storage for option %s.",
111 dhcp_options[code].name);
112 /*
113 * Copy and NUL-terminate the option (in case
114 * it's an ASCII string).
115 */
116 memcpy(t, &s[2], len);
117 t[len] = 0;
118 options[code].len = len;
119 options[code].data = t;
120 } else {
121 /*
122 * If it's a repeat, concatenate it to whatever
123 * we last saw. This is really only required
124 * for clients, but what the heck...
125 */
126 t = calloc(1, len + options[code].len + 1);
127 if (!t)
128 error("Can't expand storage for option %s.",
129 dhcp_options[code].name);
130 memcpy(t, options[code].data, options[code].len);
131 memcpy(t + options[code].len, &s[2], len);
132 options[code].len += len;
133 t[options[code].len] = 0;
134 free(options[code].data);
135 options[code].data = t;
136 }
137 s += len + 2;
138 }
139
140 return (1);
141}
142
143/*
144 * Copy as many options as fit in buflen bytes of buf. Return the
145 * offset of the start of the last option copied. A caller can check
146 * to see if it's DHO_END to decide if all the options were copied.
147 */
148int
741bbb9f 149cons_options(struct option_data *options)
846204b6 150{
741bbb9f
AHJ
151 unsigned char *buf = client->packet.options;
152 int buflen = 576 - DHCP_FIXED_LEN;
846204b6
HT
153 int ix, incr, length, bufix, code, lastopt = -1;
154
155 bzero(buf, buflen);
156
741bbb9f
AHJ
157 memcpy(buf, DHCP_OPTIONS_COOKIE, 4);
158 if (options[DHO_DHCP_MESSAGE_TYPE].data) {
159 memcpy(&buf[4], DHCP_OPTIONS_MESSAGE_TYPE, 3);
160 buf[6] = options[DHO_DHCP_MESSAGE_TYPE].data[0];
161 bufix = 7;
162 } else
163 bufix = 4;
846204b6
HT
164
165 for (code = DHO_SUBNET_MASK; code < DHO_END; code++) {
741bbb9f 166 if (!options[code].data || code == DHO_DHCP_MESSAGE_TYPE)
846204b6
HT
167 continue;
168
169 length = options[code].len;
170 if (bufix + length + 2*((length+254)/255) >= buflen)
171 return (lastopt);
172
173 lastopt = bufix;
174 ix = 0;
175
176 while (length) {
177 incr = length > 255 ? 255 : length;
178
179 buf[bufix++] = code;
180 buf[bufix++] = incr;
181 memcpy(buf + bufix, options[code].data + ix, incr);
182
183 length -= incr;
184 ix += incr;
185 bufix += incr;
186 }
187 }
188
189 if (bufix < buflen) {
190 buf[bufix] = DHO_END;
191 lastopt = bufix;
192 }
193
194 return (lastopt);
195}
196
197/*
198 * Format the specified option so that a human can easily read it.
199 */
200char *
201pretty_print_option(unsigned int code, unsigned char *data, int len,
202 int emit_commas, int emit_quotes)
203{
204 static char optbuf[32768]; /* XXX */
205 int hunksize = 0, numhunk = -1, numelem = 0;
206 char fmtbuf[32], *op = optbuf;
207 int i, j, k, opleft = sizeof(optbuf);
208 unsigned char *dp = data;
209 struct in_addr foo;
210 char comma;
211
212 /* Code should be between 0 and 255. */
213 if (code > 255)
214 error("pretty_print_option: bad code %d", code);
215
216 if (emit_commas)
217 comma = ',';
218 else
219 comma = ' ';
220
221 /* Figure out the size of the data. */
222 for (i = 0; dhcp_options[code].format[i]; i++) {
223 if (!numhunk) {
224 warning("%s: Excess information in format string: %s",
225 dhcp_options[code].name,
226 &(dhcp_options[code].format[i]));
227 break;
228 }
229 numelem++;
230 fmtbuf[i] = dhcp_options[code].format[i];
231 switch (dhcp_options[code].format[i]) {
232 case 'A':
233 --numelem;
234 fmtbuf[i] = 0;
235 numhunk = 0;
1c6d9dd3
AHJ
236 if (hunksize == 0) {
237 warning("%s: no size indicator before A"
238 " in format string: %s",
239 dhcp_options[code].name,
240 dhcp_options[code].format);
241 return ("<fmt error>");
242 }
846204b6
HT
243 break;
244 case 'X':
245 for (k = 0; k < len; k++)
246 if (!isascii(data[k]) ||
247 !isprint(data[k]))
248 break;
249 if (k == len) {
250 fmtbuf[i] = 't';
251 numhunk = -2;
252 } else {
253 fmtbuf[i] = 'x';
254 hunksize++;
255 comma = ':';
256 numhunk = 0;
257 }
258 fmtbuf[i + 1] = 0;
259 break;
260 case 't':
261 fmtbuf[i] = 't';
262 fmtbuf[i + 1] = 0;
263 numhunk = -2;
264 break;
265 case 'I':
266 case 'l':
267 case 'L':
268 hunksize += 4;
269 break;
270 case 's':
271 case 'S':
272 hunksize += 2;
273 break;
274 case 'b':
275 case 'B':
276 case 'f':
277 hunksize++;
278 break;
279 case 'e':
280 break;
281 default:
282 warning("%s: garbage in format string: %s",
283 dhcp_options[code].name,
284 &(dhcp_options[code].format[i]));
285 break;
286 }
287 }
288
289 /* Check for too few bytes... */
290 if (hunksize > len) {
291 warning("%s: expecting at least %d bytes; got %d",
292 dhcp_options[code].name, hunksize, len);
293 return ("<error>");
294 }
295 /* Check for too many bytes... */
296 if (numhunk == -1 && hunksize < len)
297 warning("%s: %d extra bytes",
298 dhcp_options[code].name, len - hunksize);
299
300 /* If this is an array, compute its size. */
301 if (!numhunk)
302 numhunk = len / hunksize;
303 /* See if we got an exact number of hunks. */
304 if (numhunk > 0 && numhunk * hunksize < len)
305 warning("%s: %d extra bytes at end of array",
306 dhcp_options[code].name, len - numhunk * hunksize);
307
308 /* A one-hunk array prints the same as a single hunk. */
309 if (numhunk < 0)
310 numhunk = 1;
311
312 /* Cycle through the array (or hunk) printing the data. */
313 for (i = 0; i < numhunk; i++) {
314 for (j = 0; j < numelem; j++) {
315 int opcount;
316 size_t oplen;
317 switch (fmtbuf[j]) {
318 case 't':
319 if (emit_quotes) {
320 *op++ = '"';
321 opleft--;
322 }
323 for (; dp < data + len; dp++) {
324 if (!isascii(*dp) ||
325 !isprint(*dp)) {
326 if (dp + 1 != data + len ||
327 *dp != 0) {
328 size_t oplen;
329 snprintf(op, opleft,
330 "\\%03o", *dp);
331 oplen = strlen(op);
332 op += oplen;
333 opleft -= oplen;
334 }
335 } else if (*dp == '"' ||
336 *dp == '\'' ||
337 *dp == '$' ||
338 *dp == '`' ||
339 *dp == '\\') {
340 *op++ = '\\';
341 *op++ = *dp;
342 opleft -= 2;
343 } else {
344 *op++ = *dp;
345 opleft--;
346 }
347 }
348 if (emit_quotes) {
349 *op++ = '"';
350 opleft--;
351 }
352
353 *op = 0;
354 break;
355 case 'I':
356 foo.s_addr = htonl(getULong(dp));
357 opcount = strlcpy(op, inet_ntoa(foo), opleft);
358 if (opcount >= opleft)
359 goto toobig;
360 opleft -= opcount;
361 dp += 4;
362 break;
363 case 'l':
364 opcount = snprintf(op, opleft, "%ld",
365 (long)getLong(dp));
366 if (opcount >= opleft || opcount == -1)
367 goto toobig;
368 opleft -= opcount;
369 dp += 4;
370 break;
371 case 'L':
372 opcount = snprintf(op, opleft, "%ld",
373 (unsigned long)getULong(dp));
374 if (opcount >= opleft || opcount == -1)
375 goto toobig;
376 opleft -= opcount;
377 dp += 4;
378 break;
379 case 's':
380 opcount = snprintf(op, opleft, "%d",
381 getShort(dp));
382 if (opcount >= opleft || opcount == -1)
383 goto toobig;
384 opleft -= opcount;
385 dp += 2;
386 break;
387 case 'S':
388 opcount = snprintf(op, opleft, "%d",
389 getUShort(dp));
390 if (opcount >= opleft || opcount == -1)
391 goto toobig;
392 opleft -= opcount;
393 dp += 2;
394 break;
395 case 'b':
396 opcount = snprintf(op, opleft, "%d",
397 *(char *)dp++);
398 if (opcount >= opleft || opcount == -1)
399 goto toobig;
400 opleft -= opcount;
401 break;
402 case 'B':
403 opcount = snprintf(op, opleft, "%d", *dp++);
404 if (opcount >= opleft || opcount == -1)
405 goto toobig;
406 opleft -= opcount;
407 break;
408 case 'x':
409 opcount = snprintf(op, opleft, "%x", *dp++);
410 if (opcount >= opleft || opcount == -1)
411 goto toobig;
412 opleft -= opcount;
413 break;
414 case 'f':
415 opcount = strlcpy(op,
416 *dp++ ? "true" : "false", opleft);
417 if (opcount >= opleft)
418 goto toobig;
419 opleft -= opcount;
420 break;
421 default:
422 warning("Unexpected format code %c", fmtbuf[j]);
423 }
424 oplen = strlen(op);
425 op += oplen;
426 opleft -= oplen;
427 if (opleft < 1)
428 goto toobig;
429 if (j + 1 < numelem && comma != ':') {
430 *op++ = ' ';
431 opleft--;
432 }
433 }
434 if (i + 1 < numhunk) {
435 *op++ = comma;
436 opleft--;
437 }
438 if (opleft < 1)
439 goto toobig;
440
441 }
442 return (optbuf);
443 toobig:
444 warning("dhcp option too large");
445 return ("<error>");
446}
447
448void
449do_packet(int len, unsigned int from_port, struct iaddr from,
450 struct hardware *hfrom)
451{
452 struct dhcp_packet *packet = &client->packet;
453 struct option_data options[256];
454 struct iaddrlist *ap;
455 void (*handler)(struct iaddr, struct option_data *);
456 char *type;
457 int i, options_valid = 1;
458
459 if (packet->hlen > sizeof(packet->chaddr)) {
460 note("Discarding packet with invalid hlen.");
461 return;
462 }
463
464 /*
465 * Silently drop the packet if the client hardware address in the
466 * packet is not the hardware address of the interface being managed.
467 */
468 if ((ifi->hw_address.hlen != packet->hlen) ||
469 (memcmp(ifi->hw_address.haddr, packet->chaddr, packet->hlen)))
470 return;
471
472 memset(options, 0, sizeof(options));
473
474 if (memcmp(&packet->options, DHCP_OPTIONS_COOKIE, 4) == 0) {
475 /* Parse the BOOTP/DHCP options field. */
476 options_valid = parse_option_buffer(options,
477 &packet->options[4], sizeof(packet->options) - 4);
478
479 /* Only DHCP packets have overload areas for options. */
480 if (options_valid &&
481 options[DHO_DHCP_MESSAGE_TYPE].data &&
482 options[DHO_DHCP_OPTION_OVERLOAD].data) {
483 if (options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
484 options_valid = parse_option_buffer(options,
485 (unsigned char *)packet->file,
486 sizeof(packet->file));
487 if (options_valid &&
488 options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
489 options_valid = parse_option_buffer(options,
490 (unsigned char *)packet->sname,
491 sizeof(packet->sname));
492 }
493 }
494
495 type = "";
496 handler = NULL;
497
498 if (options[DHO_DHCP_MESSAGE_TYPE].data) {
499 /* Always try a DHCP packet, even if a bad option was seen. */
500 switch (options[DHO_DHCP_MESSAGE_TYPE].data[0]) {
501 case DHCPOFFER:
502 handler = dhcpoffer;
503 type = "DHCPOFFER";
504 break;
505 case DHCPNAK:
506 handler = dhcpnak;
507 type = "DHCPNACK";
508 break;
509 case DHCPACK:
510 handler = dhcpack;
511 type = "DHCPACK";
512 break;
513 default:
514 break;
515 }
516 } else if (options_valid && packet->op == BOOTREPLY) {
517 handler = dhcpoffer;
518 type = "BOOTREPLY";
519 }
520
bdf60627
AHJ
521 if (handler && client->xid == client->packet.xid) {
522 if (hfrom->hlen == 6)
523 note("%s from %s (%s)", type, piaddr(from),
524 ether_ntoa((struct ether_addr *)hfrom->haddr));
525 else
526 note("%s from %s", type, piaddr(from));
527 } else
528 handler = NULL;
529
846204b6
HT
530 for (ap = config->reject_list; ap && handler; ap = ap->next)
531 if (addr_eq(from, ap->addr)) {
532 note("%s from %s rejected.", type, piaddr(from));
533 handler = NULL;
534 }
535
536 if (handler)
537 (*handler)(from, options);
538
539 for (i = 0; i < 256; i++)
540 if (options[i].len && options[i].data)
541 free(options[i].data);
542}