[klibc] [PATCH 6/6] ipconfig: A bit more robust bootp/dhcp option parsing

KUMAAN 9maaan at gmail.com
Mon Aug 22 23:00:32 PDT 2011


Be a bit more strict about our BOOTP/DHCP option parsing to avoid
segmentation faults.

Signed-off-by: KUMAAN <9maaan at gmail.com>
---
 usr/kinit/ipconfig/bootp_proto.c |    4 ++++
 usr/kinit/ipconfig/dhcp_proto.c  |   33 ++++++++++++++++++++++++---------
 2 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/usr/kinit/ipconfig/bootp_proto.c b/usr/kinit/ipconfig/bootp_proto.c
index 8c673b5..150ebfa 100644
--- a/usr/kinit/ipconfig/bootp_proto.c
+++ b/usr/kinit/ipconfig/bootp_proto.c
@@ -302,8 +302,12 @@ int bootp_parse(struct netdev *dev, struct bootp_hdr *hdr,
 			else if (opt == 255)
 				break;
 
+			if (ext - exts >= extlen)
+				break;
 			len = *ext++;
 
+			if (ext - exts + len > extlen)
+				break;
 			switch (opt) {
 			case 1:	/* subnet mask */
 				if (len == 4)
diff --git a/usr/kinit/ipconfig/dhcp_proto.c b/usr/kinit/ipconfig/dhcp_proto.c
index d3a4c7b..e006f0a 100644
--- a/usr/kinit/ipconfig/dhcp_proto.c
+++ b/usr/kinit/ipconfig/dhcp_proto.c
@@ -95,20 +95,35 @@ static int dhcp_parse(struct netdev *dev, struct bootp_hdr *hdr,
 		uint8_t *ext;
 
 		for (ext = exts + 4; ext - exts < extlen;) {
-			uint8_t len, *opt = ext++;
-			if (*opt == 0)
+			int len;
+			uint8_t opt = *ext++;
+
+			if (opt == 0)
 				continue;
+			else if (opt == 255)
+				break;
 
+			if (ext - exts >= extlen)
+				break;
 			len = *ext++;
 
+			if (ext - exts + len > extlen)
+				break;
+			switch (opt) {
+			case 51:	/* IP Address Lease Time */
+				if (len == 4)
+					leasetime = ntohl(*(uint32_t *)ext);
+				break;
+			case 53:	/* DHCP Message Type */
+				if (len == 1)
+					type = *ext;
+				break;
+			case 54:	/* Server Identifier */
+				if (len == 4)
+					memcpy(&serverid, ext, 4);
+				break;
+			}
 			ext += len;
-
-			if (*opt == 51 && len == 4)
-				leasetime = ntohl(*(uint32_t *)(opt + 2));
-			if (*opt == 53)
-				type = opt[2];
-			if (*opt == 54)
-				memcpy(&serverid, opt + 2, 4);
 		}
 	}
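Review bot: The rewritten lease-time line `leasetime = ntohl(*(uint32_t *)ext);` reads a 32-bit value through a cast of a `uint8_t *` that points to an arbitrary offset inside the option area, so the access is unaligned on architectures that fault on misaligned loads and is a strict-aliasing violation under the C standard; the old code had the same problem at `opt + 2`, but since the line is rewritten here the hunk is the place to fix it. The Server Identifier case already uses `memcpy(&serverid, ext, 4);`, so the lease-time case can do the same: `memcpy(&leasetime, ext, 4); leasetime = ntohl(leasetime);`. The new `switch (opt)` also has no `default:` case; an empty `default: break;` documents that unknown options are intentionally skipped via the `ext += len` that follows. dhcp_parse's body begins and ends outside this hunk.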
 
-- 
1.7.2.5



