[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: [patch] cope with buggy dhcp servers (was: need some insight in
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn () axis ! com>
Date: 2007-11-24 9:38:03
Message-ID: 0711241033540.15973 () somehost
[Download RAW message or body]
On Fri, 23 Nov 2007, Cristian Ionescu-Idbohrn wrote:
> Still... This tweak is needed _only_ if the dhcp-server is brain
> dead, problem which most clients don't suffer of.
This is what I could come out with. Please comment.
Cheers,
--
Cristian
["02udhcpc.patch" (TEXT/x-diff)]
Index: networking/udhcp/Config.in
===================================================================
--- networking/udhcp/Config.in (revision 20504)
+++ networking/udhcp/Config.in (working copy)
@@ -82,3 +82,21 @@
help
If selected, both client and server will support passing of domain
search lists via option 119, specified in RFC3397.
+
+config UDHCP_OPTIONS_SLACK_FOR_BUGGY_SERVERS
+ int "DHCP options slack buffer size"
+ default 0
+ range 0 896
+ depends on APP_UDHCPD || APP_UDHCPC
+ help
+ Some buggy DHCP servers will offer the requested option(s) with
+ packets larger than we expect (which might also be considered a
+ buffer overflow attempt). These packets are normally discarded.
+ If circumstances beyond your control force you to support such
+ servers, this may help. Change the default only if you know what
+ you're doing. The upper limit covers for a whole ethernet frame.
+
+ One example of buggy dhcp-server is the '3Com OfficeConnect Remote
+ 812 ADSL Router' which mixes up the dhcpMessage size (576 bytes)
+ with the whole udp_dhcp_packet size. That router doesn't clean the
+ extra bytes either, which may lead to infomation leakage.
Index: networking/udhcp/options.c
===================================================================
--- networking/udhcp/options.c (revision 20504)
+++ networking/udhcp/options.c (working copy)
@@ -145,7 +145,7 @@
int end = end_option(optionptr);
/* end position + string length + option code/length + end option */
- if (end + string[OPT_LEN] + 2 + 1 >= 308) {
+ if (end + string[OPT_LEN] + 2 + 1 >= UDHCP_OPTIONS_BUFF_SIZE_MIN) {
bb_error_msg("option 0x%02x did not fit into the packet",
string[OPT_CODE]);
return 0;
Index: networking/udhcp/common.h
===================================================================
--- networking/udhcp/common.h (revision 20504)
+++ networking/udhcp/common.h (working copy)
@@ -21,6 +21,8 @@
#include <netinet/udp.h>
#include <netinet/ip.h>
+#define UDHCP_OPTIONS_BUFF_SIZE_MIN 308
+
struct dhcpMessage {
uint8_t op;
uint8_t htype;
@@ -37,7 +39,10 @@
uint8_t sname[64];
uint8_t file[128];
uint32_t cookie;
- uint8_t options[308]; /* 312 - cookie */
+ uint8_t options[UDHCP_OPTIONS_BUFF_SIZE_MIN +
+ CONFIG_UDHCP_OPTIONS_SLACK_FOR_BUGGY_SERVERS];
+ /* (312 - cookie)
+ when CONFIG_UDHCP_OPTIONS_SLACK_FOR_BUGGY_SERVERS == 0 */
} ATTRIBUTE_PACKED;
struct udp_dhcp_packet {
@@ -46,10 +51,15 @@
struct dhcpMessage data;
} ATTRIBUTE_PACKED;
+#define UDHCP_UDP_PACKET_SIZE_MIN ((sizeof(struct udp_dhcp_packet)) - \
+ (CONFIG_UDHCP_OPTIONS_SLACK_FOR_BUGGY_SERVERS))
+
/* Let's see whether compiler understood us right */
struct BUG_bad_sizeof_struct_udp_dhcp_packet {
char BUG_bad_sizeof_struct_udp_dhcp_packet
- [sizeof(struct udp_dhcp_packet) != 576 ? -1 : 1];
+ [sizeof(struct udp_dhcp_packet) !=
+ ((UDHCP_UDP_PACKET_SIZE_MIN) +
+ (CONFIG_UDHCP_OPTIONS_SLACK_FOR_BUGGY_SERVERS)) ? -1 : 1];
};
void udhcp_init_header(struct dhcpMessage *packet, char type);
_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic