dhcp4: filter bogus DNS/NTP server addresses silently

if we receive a bogus lease with a DNS/NTP server within local scope let's politely ignore. Fixes: #4524
2025-01-11 09:18:07 +03:00 · 2016-11-18 17:19:44 +01:00 · 2016-11-18 17:19:44 +01:00 · d9ec2e632d
commit d9ec2e632d
parent 49ad68298a
1 changed files with 19 additions and 0 deletions
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@ -383,6 +383,23 @@ static int lease_parse_domain(const uint8_t *option, size_t len, char **ret) {
        return 0;
 }

+static void filter_bogus_addresses(struct in_addr *addresses, size_t *n) {
+        size_t i, j;
+
+        /* Silently filter DNS/NTP servers supplied to us that do not make outside of the local scope. */
+
+        for (i = 0, j = 0; i < *n; i ++) {
+
+                if (in4_addr_is_null(addresses+i) ||
+                    in4_addr_is_localhost(addresses+i))
+                        continue;
+
+                addresses[j++] = addresses[i];
+        }
+
+        *n = j;
+}
+
 static int lease_parse_in_addrs(const uint8_t *option, size_t len, struct in_addr **ret, size_t *n_ret) {
        assert(option);
        assert(ret);
@ -404,6 +421,8 @@ static int lease_parse_in_addrs(const uint8_t *option, size_t len, struct in_add
                if (!addresses)
                        return -ENOMEM;

+                filter_bogus_addresses(addresses, &n_addresses);
+
                free(*ret);
                *ret = addresses;
                *n_ret = n_addresses;