summaryrefslogtreecommitdiff
path: root/networking/udhcp/packet.c
diff options
context:
space:
mode:
authorDenys Vlasenko2010-03-21 06:15:28 +0100
committerDenys Vlasenko2010-03-21 06:15:28 +0100
commitc7dc79e71ddbc1498736a2bbf65a3da179557f83 (patch)
treeab470e39f11f432b2099d3ebbe779d224bc1efba /networking/udhcp/packet.c
parent2e7aa928360eb9b1c90fa2356734cee794b66516 (diff)
downloadbusybox-c7dc79e71ddbc1498736a2bbf65a3da179557f83.zip
busybox-c7dc79e71ddbc1498736a2bbf65a3da179557f83.tar.gz
udhcpd: untangle incredibly messy handling of DHCPREQUEST
Also fixes attacks possible via DHCPDECLINE / DHCPRELEASE function old new delta udhcpd_main 1846 1949 +103 send_renew 105 142 +37 send_NAK 61 - -61 send_ACK 180 - -180 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 2/0 up/down: 140/-241) Total: -101 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/udhcp/packet.c')
-rw-r--r--networking/udhcp/packet.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/networking/udhcp/packet.c b/networking/udhcp/packet.c
index 90410cb..84d8309 100644
--- a/networking/udhcp/packet.c
+++ b/networking/udhcp/packet.c
@@ -21,7 +21,7 @@
void FAST_FUNC udhcp_init_header(struct dhcp_packet *packet, char type)
{
- memset(packet, 0, sizeof(struct dhcp_packet));
+ memset(packet, 0, sizeof(*packet));
packet->op = BOOTREQUEST; /* if client to a server */
switch (type) {
case DHCPOFFER:
@@ -29,10 +29,11 @@ void FAST_FUNC udhcp_init_header(struct dhcp_packet *packet, char type)
case DHCPNAK:
packet->op = BOOTREPLY; /* if server to client */
}
- packet->htype = ETH_10MB;
- packet->hlen = ETH_10MB_LEN;
+ packet->htype = 1; /* ethernet */
+ packet->hlen = 6;
packet->cookie = htonl(DHCP_MAGIC);
- packet->options[0] = DHCP_END;
+ if (DHCP_END != 0)
+ packet->options[0] = DHCP_END;
add_simple_option(packet->options, DHCP_MESSAGE_TYPE, type);
}
@@ -228,6 +229,7 @@ int FAST_FUNC udhcp_send_raw_packet(struct dhcp_packet *dhcp_pkt,
msg = "sendto";
ret_close:
close(fd);
+ /* FIXME: and if result >= 0 but != IP_UPD_DHCP_SIZE? */
if (result < 0) {
ret_msg:
bb_perror_msg(msg, "PACKET");
@@ -280,6 +282,7 @@ int FAST_FUNC udhcp_send_kernel_packet(struct dhcp_packet *dhcp_pkt,
msg = "write";
ret_close:
close(fd);
+ /* FIXME: and if result >= 0 but != DHCP_SIZE? */
if (result < 0) {
ret_msg:
bb_perror_msg(msg, "UDP");