1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00

dhcp6: refuse zero length vendor class

Also, fixes the maximum length of the vendor class to UINT16_MAX.
Moreover, a memory leak in sd_dhcp6_client_set_request_vendor_class().
This commit is contained in:
Yu Watanabe 2021-01-12 22:38:29 +09:00
parent 361eb4125d
commit 019951ec97
4 changed files with 19 additions and 15 deletions

View File

@ -100,7 +100,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, const DHCP6IA *ia);
int dhcp6_option_append_pd(uint8_t *buf, size_t len, const DHCP6IA *pd, DHCP6Address *hint_pd_prefix);
int dhcp6_option_append_fqdn(uint8_t **buf, size_t *buflen, const char *fqdn);
int dhcp6_option_append_user_class(uint8_t **buf, size_t *buflen, char * const *user_class);
int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char **user_class);
int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const *user_class);
int dhcp6_option_append_vendor_option(uint8_t **buf, size_t *buflen, OrderedHashmap *vendor_options);
int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode,
size_t *optlen, uint8_t **optvalue);

View File

@ -232,16 +232,16 @@ int dhcp6_option_append_user_class(uint8_t **buf, size_t *buflen, char * const *
return dhcp6_option_append(buf, buflen, SD_DHCP6_OPTION_USER_CLASS, total, p);
}
int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char **vendor_class) {
int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const *vendor_class) {
_cleanup_free_ uint8_t *p = NULL;
uint32_t enterprise_identifier;
size_t total, offset;
char **s;
char * const *s;
assert(buf);
assert(*buf);
assert(buflen);
assert(vendor_class);
assert(!strv_isempty(vendor_class));
enterprise_identifier = htobe32(SYSTEMD_PEN);
@ -256,6 +256,9 @@ int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char **vendo
size_t len = strlen(*s);
uint8_t *q;
if (len > UINT16_MAX || len == 0)
return -EINVAL;
q = realloc(p, total + len + 2);
if (!q)
return -ENOMEM;

View File

@ -485,25 +485,26 @@ int sd_dhcp6_client_set_request_user_class(sd_dhcp6_client *client, char * const
return strv_free_and_replace(client->user_class, s);
}
int sd_dhcp6_client_set_request_vendor_class(sd_dhcp6_client *client, char **vendor_class) {
_cleanup_strv_free_ char **s = NULL;
char **p;
int sd_dhcp6_client_set_request_vendor_class(sd_dhcp6_client *client, char * const *vendor_class) {
char * const *p;
char **s;
assert_return(client, -EINVAL);
assert_return(client->state == DHCP6_STATE_STOPPED, -EBUSY);
assert_return(vendor_class, -EINVAL);
assert_return(!strv_isempty(vendor_class), -EINVAL);
STRV_FOREACH(p, vendor_class)
if (strlen(*p) > UINT8_MAX)
return -ENAMETOOLONG;
STRV_FOREACH(p, vendor_class) {
size_t len = strlen(*p);
if (len > UINT16_MAX || len == 0)
return -EINVAL;
}
s = strv_copy(vendor_class);
if (!s)
return -ENOMEM;
client->vendor_class = TAKE_PTR(s);
return 0;
return strv_free_and_replace(client->vendor_class, s);
}
int sd_dhcp6_client_get_prefix_delegation(sd_dhcp6_client *client, int *delegation) {

View File

@ -136,7 +136,7 @@ int sd_dhcp6_client_set_request_user_class(
char * const *user_class);
int sd_dhcp6_client_set_request_vendor_class(
sd_dhcp6_client *client,
char** vendor_class);
char * const *vendor_class);
int sd_dhcp6_client_set_prefix_delegation_hint(
sd_dhcp6_client *client,
uint8_t prefixlen,