projects / dragonfly.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
dhclient - Delete trailing NUL's when parsing NVT ASCII options.
[dragonfly.git] / sbin / dhclient / options.c
... / ...
CommitLineData
1/* $OpenBSD: src/sbin/dhclient/options.c,v 1.40 2012/06/26 14:36:11 krw Exp $ */
2
3/* DHCP options parsing and reassembly. */
4
5/*
6 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of The Internet Software Consortium nor the names
19 * of its contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * This software has been written for the Internet Software Consortium
37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
38 * Enterprises. To learn more about the Internet Software Consortium,
39 * see ``http://www.vix.com/isc''. To learn more about Vixie
40 * Enterprises, see ``http://www.vix.com''.
41 */
42
43#include <ctype.h>
44
45#include "dhcpd.h"
46
47int parse_option_buffer(struct option_data *, unsigned char *, int);
48
49/*
50 * Parse options out of the specified buffer, storing addresses of
51 * option values in options and setting client->options_valid if
52 * no errors are encountered.
53 */
54int
55parse_option_buffer(struct option_data *options, unsigned char *buffer,
56 int length)
57{
58 unsigned char *s, *t, *end = buffer + length;
59 int len, code;
60
61 for (s = buffer; *s != DHO_END && s < end; ) {
62 code = s[0];
63
64 /* Pad options don't have a length - just skip them. */
65 if (code == DHO_PAD) {
66 s++;
67 continue;
68 }
69
70 /*
71 * All options other than DHO_PAD and DHO_END have a
72 * one-byte length field.
73 */
74 if (s + 2 > end)
75 len = 0;
76 else
77 len = s[1];
78
79 /*
80 * If the option claims to extend beyond the end of the buffer
81 * then mark the options buffer bad.
82 */
83 if (s + len + 2 > end) {
84 warning("option %s (%d) larger than buffer.",
85 dhcp_options[code].name, len);
86 warning("rejecting bogus offer.");
87 return (0);
88 }
89
90 /*
91 * Strip trailing NULs from ascii ('t') options. They
92 * will be treated as DHO_PAD options. i.e. ignored. RFC 2132
93 * says "Options containing NVT ASCII data SHOULD NOT include
94 * a trailing NULL; however, the receiver of such options
95 * MUST be prepared to delete trailing nulls if they exist."
96 */
97 if (dhcp_options[code].format[0] == 't') {
98 for (len = s[1]; len > 0 && s[len + 1] == '\0'; len--)
99 ;
100 }
101
102 /*
103 * If we haven't seen this option before, just make
104 * space for it and copy it there.
105 */
106 if (!options[code].data) {
107 if (!(t = calloc(1, len + 1)))
108 error("Can't allocate storage for option %s.",
109 dhcp_options[code].name);
110 /*
111 * Copy and NUL-terminate the option (in case
112 * it's an ASCII string).
113 */
114 memcpy(t, &s[2], len);
115 t[len] = 0;
116 options[code].len = len;
117 options[code].data = t;
118 } else {
119 /*
120 * If it's a repeat, concatenate it to whatever
121 * we last saw. This is really only required
122 * for clients, but what the heck...
123 */
124 t = calloc(1, len + options[code].len + 1);
125 if (!t)
126 error("Can't expand storage for option %s.",
127 dhcp_options[code].name);
128 memcpy(t, options[code].data, options[code].len);
129 memcpy(t + options[code].len, &s[2], len);
130 options[code].len += len;
131 t[options[code].len] = 0;
132 free(options[code].data);
133 options[code].data = t;
134 }
135 s += len + 2;
136 }
137
138 return (1);
139}
140
141/*
142 * Copy as many options as fit in buflen bytes of buf. Return the
143 * offset of the start of the last option copied. A caller can check
144 * to see if it's DHO_END to decide if all the options were copied.
145 */
146int
147cons_options(struct option_data *options)
148{
149 unsigned char *buf = client->packet.options;
150 int buflen = 576 - DHCP_FIXED_LEN;
151 int ix, incr, length, bufix, code, lastopt = -1;
152
153 bzero(buf, buflen);
154
155 memcpy(buf, DHCP_OPTIONS_COOKIE, 4);
156 if (options[DHO_DHCP_MESSAGE_TYPE].data) {
157 memcpy(&buf[4], DHCP_OPTIONS_MESSAGE_TYPE, 3);
158 buf[6] = options[DHO_DHCP_MESSAGE_TYPE].data[0];
159 bufix = 7;
160 } else
161 bufix = 4;
162
163 for (code = DHO_SUBNET_MASK; code < DHO_END; code++) {
164 if (!options[code].data || code == DHO_DHCP_MESSAGE_TYPE)
165 continue;
166
167 length = options[code].len;
168 if (bufix + length + 2*((length+254)/255) >= buflen)
169 return (lastopt);
170
171 lastopt = bufix;
172 ix = 0;
173
174 while (length) {
175 incr = length > 255 ? 255 : length;
176
177 buf[bufix++] = code;
178 buf[bufix++] = incr;
179 memcpy(buf + bufix, options[code].data + ix, incr);
180
181 length -= incr;
182 ix += incr;
183 bufix += incr;
184 }
185 }
186
187 if (bufix < buflen) {
188 buf[bufix] = DHO_END;
189 lastopt = bufix;
190 }
191
192 return (lastopt);
193}
194
195/*
196 * Format the specified option so that a human can easily read it.
197 */
198char *
199pretty_print_option(unsigned int code, unsigned char *data, int len,
200 int emit_commas, int emit_quotes)
201{
202 static char optbuf[32768]; /* XXX */
203 int hunksize = 0, numhunk = -1, numelem = 0;
204 char fmtbuf[32], *op = optbuf;
205 int i, j, k, opleft = sizeof(optbuf);
206 unsigned char *dp = data;
207 struct in_addr foo;
208 char comma;
209
210 /* Code should be between 0 and 255. */
211 if (code > 255)
212 error("pretty_print_option: bad code %d", code);
213
214 if (emit_commas)
215 comma = ',';
216 else
217 comma = ' ';
218
219 /* Figure out the size of the data. */
220 for (i = 0; dhcp_options[code].format[i]; i++) {
221 if (!numhunk) {
222 warning("%s: Excess information in format string: %s",
223 dhcp_options[code].name,
224 &(dhcp_options[code].format[i]));
225 break;
226 }
227 numelem++;
228 fmtbuf[i] = dhcp_options[code].format[i];
229 switch (dhcp_options[code].format[i]) {
230 case 'A':
231 --numelem;
232 fmtbuf[i] = 0;
233 numhunk = 0;
234 if (hunksize == 0) {
235 warning("%s: no size indicator before A"
236 " in format string: %s",
237 dhcp_options[code].name,
238 dhcp_options[code].format);
239 return ("<fmt error>");
240 }
241 break;
242 case 'X':
243 for (k = 0; k < len; k++)
244 if (!isascii(data[k]) ||
245 !isprint(data[k]))
246 break;
247 if (k == len) {
248 fmtbuf[i] = 't';
249 numhunk = -2;
250 } else {
251 fmtbuf[i] = 'x';
252 hunksize++;
253 comma = ':';
254 numhunk = 0;
255 }
256 fmtbuf[i + 1] = 0;
257 break;
258 case 't':
259 fmtbuf[i] = 't';
260 fmtbuf[i + 1] = 0;
261 numhunk = -2;
262 break;
263 case 'I':
264 case 'l':
265 case 'L':
266 hunksize += 4;
267 break;
268 case 's':
269 case 'S':
270 hunksize += 2;
271 break;
272 case 'b':
273 case 'B':
274 case 'f':
275 hunksize++;
276 break;
277 case 'e':
278 break;
279 default:
280 warning("%s: garbage in format string: %s",
281 dhcp_options[code].name,
282 &(dhcp_options[code].format[i]));
283 break;
284 }
285 }
286
287 /* Check for too few bytes... */
288 if (hunksize > len) {
289 warning("%s: expecting at least %d bytes; got %d",
290 dhcp_options[code].name, hunksize, len);
291 return ("<error>");
292 }
293 /* Check for too many bytes... */
294 if (numhunk == -1 && hunksize < len)
295 warning("%s: %d extra bytes",
296 dhcp_options[code].name, len - hunksize);
297
298 /* If this is an array, compute its size. */
299 if (!numhunk)
300 numhunk = len / hunksize;
301 /* See if we got an exact number of hunks. */
302 if (numhunk > 0 && numhunk * hunksize < len)
303 warning("%s: %d extra bytes at end of array",
304 dhcp_options[code].name, len - numhunk * hunksize);
305
306 /* A one-hunk array prints the same as a single hunk. */
307 if (numhunk < 0)
308 numhunk = 1;
309
310 /* Cycle through the array (or hunk) printing the data. */
311 for (i = 0; i < numhunk; i++) {
312 for (j = 0; j < numelem; j++) {
313 int opcount;
314 size_t oplen;
315 switch (fmtbuf[j]) {
316 case 't':
317 if (emit_quotes) {
318 *op++ = '"';
319 opleft--;
320 }
321 for (; dp < data + len; dp++) {
322 if (!isascii(*dp) ||
323 !isprint(*dp)) {
324 if (dp + 1 != data + len ||
325 *dp != 0) {
326 size_t oplen;
327 snprintf(op, opleft,
328 "\\%03o", *dp);
329 oplen = strlen(op);
330 op += oplen;
331 opleft -= oplen;
332 }
333 } else if (*dp == '"' ||
334 *dp == '\'' ||
335 *dp == '$' ||
336 *dp == '`' ||
337 *dp == '\\') {
338 *op++ = '\\';
339 *op++ = *dp;
340 opleft -= 2;
341 } else {
342 *op++ = *dp;
343 opleft--;
344 }
345 }
346 if (emit_quotes) {
347 *op++ = '"';
348 opleft--;
349 }
350
351 *op = 0;
352 break;
353 case 'I':
354 foo.s_addr = htonl(getULong(dp));
355 opcount = strlcpy(op, inet_ntoa(foo), opleft);
356 if (opcount >= opleft)
357 goto toobig;
358 opleft -= opcount;
359 dp += 4;
360 break;
361 case 'l':
362 opcount = snprintf(op, opleft, "%ld",
363 (long)getLong(dp));
364 if (opcount >= opleft || opcount == -1)
365 goto toobig;
366 opleft -= opcount;
367 dp += 4;
368 break;
369 case 'L':
370 opcount = snprintf(op, opleft, "%ld",
371 (unsigned long)getULong(dp));
372 if (opcount >= opleft || opcount == -1)
373 goto toobig;
374 opleft -= opcount;
375 dp += 4;
376 break;
377 case 's':
378 opcount = snprintf(op, opleft, "%d",
379 getShort(dp));
380 if (opcount >= opleft || opcount == -1)
381 goto toobig;
382 opleft -= opcount;
383 dp += 2;
384 break;
385 case 'S':
386 opcount = snprintf(op, opleft, "%d",
387 getUShort(dp));
388 if (opcount >= opleft || opcount == -1)
389 goto toobig;
390 opleft -= opcount;
391 dp += 2;
392 break;
393 case 'b':
394 opcount = snprintf(op, opleft, "%d",
395 *(char *)dp++);
396 if (opcount >= opleft || opcount == -1)
397 goto toobig;
398 opleft -= opcount;
399 break;
400 case 'B':
401 opcount = snprintf(op, opleft, "%d", *dp++);
402 if (opcount >= opleft || opcount == -1)
403 goto toobig;
404 opleft -= opcount;
405 break;
406 case 'x':
407 opcount = snprintf(op, opleft, "%x", *dp++);
408 if (opcount >= opleft || opcount == -1)
409 goto toobig;
410 opleft -= opcount;
411 break;
412 case 'f':
413 opcount = strlcpy(op,
414 *dp++ ? "true" : "false", opleft);
415 if (opcount >= opleft)
416 goto toobig;
417 opleft -= opcount;
418 break;
419 default:
420 warning("Unexpected format code %c", fmtbuf[j]);
421 }
422 oplen = strlen(op);
423 op += oplen;
424 opleft -= oplen;
425 if (opleft < 1)
426 goto toobig;
427 if (j + 1 < numelem && comma != ':') {
428 *op++ = ' ';
429 opleft--;
430 }
431 }
432 if (i + 1 < numhunk) {
433 *op++ = comma;
434 opleft--;
435 }
436 if (opleft < 1)
437 goto toobig;
438
439 }
440 return (optbuf);
441 toobig:
442 warning("dhcp option too large");
443 return ("<error>");
444}
445
446void
447do_packet(int len, unsigned int from_port, struct iaddr from,
448 struct hardware *hfrom)
449{
450 struct dhcp_packet *packet = &client->packet;
451 struct option_data options[256];
452 struct iaddrlist *ap;
453 void (*handler)(struct iaddr, struct option_data *);
454 char *type;
455 int i, options_valid = 1;
456
457 if (packet->hlen > sizeof(packet->chaddr)) {
458 note("Discarding packet with invalid hlen.");
459 return;
460 }
461
462 /*
463 * Silently drop the packet if the client hardware address in the
464 * packet is not the hardware address of the interface being managed.
465 */
466 if ((ifi->hw_address.hlen != packet->hlen) ||
467 (memcmp(ifi->hw_address.haddr, packet->chaddr, packet->hlen)))
468 return;
469
470 memset(options, 0, sizeof(options));
471
472 if (memcmp(&packet->options, DHCP_OPTIONS_COOKIE, 4) == 0) {
473 /* Parse the BOOTP/DHCP options field. */
474 options_valid = parse_option_buffer(options,
475 &packet->options[4], sizeof(packet->options) - 4);
476
477 /* Only DHCP packets have overload areas for options. */
478 if (options_valid &&
479 options[DHO_DHCP_MESSAGE_TYPE].data &&
480 options[DHO_DHCP_OPTION_OVERLOAD].data) {
481 if (options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
482 options_valid = parse_option_buffer(options,
483 (unsigned char *)packet->file,
484 sizeof(packet->file));
485 if (options_valid &&
486 options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
487 options_valid = parse_option_buffer(options,
488 (unsigned char *)packet->sname,
489 sizeof(packet->sname));
490 }
491 }
492
493 type = "";
494 handler = NULL;
495
496 if (options[DHO_DHCP_MESSAGE_TYPE].data) {
497 /* Always try a DHCP packet, even if a bad option was seen. */
498 switch (options[DHO_DHCP_MESSAGE_TYPE].data[0]) {
499 case DHCPOFFER:
500 handler = dhcpoffer;
501 type = "DHCPOFFER";
502 break;
503 case DHCPNAK:
504 handler = dhcpnak;
505 type = "DHCPNACK";
506 break;
507 case DHCPACK:
508 handler = dhcpack;
509 type = "DHCPACK";
510 break;
511 default:
512 break;
513 }
514 } else if (options_valid && packet->op == BOOTREPLY) {
515 handler = dhcpoffer;
516 type = "BOOTREPLY";
517 }
518
519 if (handler && client->xid == client->packet.xid) {
520 if (hfrom->hlen == 6)
521 note("%s from %s (%s)", type, piaddr(from),
522 ether_ntoa((struct ether_addr *)hfrom->haddr));
523 else
524 note("%s from %s", type, piaddr(from));
525 } else
526 handler = NULL;
527
528 for (ap = config->reject_list; ap && handler; ap = ap->next)
529 if (addr_eq(from, ap->addr)) {
530 note("%s from %s rejected.", type, piaddr(from));
531 handler = NULL;
532 }
533
534 if (handler)
535 (*handler)(from, options);
536
537 for (i = 0; i < 256; i++)
538 if (options[i].len && options[i].data)
539 free(options[i].data);
540}
DragonFly Project Source