Age | Commit message (Collapse) | Author |
|
I noticed a commit in connman:
"gdhcp: Avoid leaking stack data via unitiialized variable" [1]
Since gdhcp is just BusyBox udhcp with the serial numbers filed off, I
checked if BusyBox udhcp has a related issue.
The issue is that the get_option logic assumes any data within the
memory area of the buffer is "valid". This reduces the complexity of the
function at the cost of reading past the end of the actually received
data in the case of specially crafted packets. This is not a problem
for the udhcp_recv_kernel_packet data path as the entire memory
area is zeroed. However, d4/d6_recv_raw_packet does not zero the
memory.
Note that a related commit [2] is not required as we are zeroing
any data that can be read by the get_option function.
[1] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
[2] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
function old new delta
d4_recv_raw_packet 484 497 +13
d6_recv_raw_packet 216 228 +12
.rodata 105390 105381 -9
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 25/-9) Total: 16 bytes
Signed-off-by: Russ Dill <russ.dill@gmail.com>
Cc: Colin Wee <cwee@tesla.com>
Cc: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
from Adam Goldman <adamg@pobox.com>
This patch makes udhcpd respond correctly to queries from BOOTP clients.
It contains the following changes:
The end field, or DHCP_END option, is required in DHCP requests but
optional in BOOTP requests. However, we still send an end
field in all replies, because some BOOTP clients expect one in replies
even if they didn't send one in the request.
Requests without a DHCP_MESSAGE_TYPE are recognized as BOOTP requests
and handled appropriately, instead of being discarded. We still require
an RFC 1048 options field, but we allow it to be empty.
Since a BOOTP client will keep using the assigned IP forever, we only
send a BOOTP reply if a static lease exists for that client.
BOOTP replies shouldn't contain DHCP_* options, so we omit them if there
was no DHCP_MESSAGE_TYPE in the request. Options other than DHCP_*
options are still sent.
The options field of a BOOTP reply must be exactly 64 bytes. If we
construct a reply with more than 64 bytes of options, we give up and log
an error instead of sending it. udhcp_send_raw_packet already pads the
options field to 64 bytes if it is too short.
This implementation has been tested against an HP PA-RISC client.
function old new delta
.rodata 105247 105321 +74
udhcpd_main 1520 1591 +71
send_offer 419 470 +51
init_packet 81 97 +16
udhcp_init_header 75 88 +13
udhcp_scan_options 192 203 +11
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 6/0 up/down: 236/0) Total: 236 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
RFCs for DHCPv6 are written rather badly...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Various tools are Linuxish and should thus only attempted to build on
Linux only. Some features are also Linux-only.
Also, libresolv is used on all GNU platforms, notably GNU/Hurd and
GNU/kfreeBSD.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This matches udhcpc for IPv4.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
d6_listen_socket - 150 +150
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
option_to_env 686 694 +8
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
The result of looking at "grep -F -B2 '*fill*' busybox_unstripped.map"
function old new delta
.rodata 108586 108460 -126
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-126) Total: -126 bytes
text data bss dec hex filename
970412 4219 1848 976479 ee65f busybox_old
970286 4219 1848 976353 ee5e1 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
udhcp_insert_new_option treats code for IPv6 as follows:
new->data[D6_OPT_CODE] = code >> 8;
new->data[D6_OPT_CODE + 1] = code & 0xff;
udhcp_find_option tests the code as follows:
while (opt_list && opt_list->data[OPT_CODE] < code)
...
if (opt_list && opt_list->data[OPT_CODE] == code)
So yes, OPT_CODE and D6_OPT_CODE are both 0, but the D6_OPT_CLIENTID =
1 value means that the 1 is in the seconds byte, and udhcp_find_option
is only looking at the first byte, So the send_d6_release can never
find it the created option.
function old new delta
udhcp_find_option 28 53 +25
attach_option 276 284 +8
udhcpc6_main 2602 2607 +5
perform_d6_release 262 267 +5
udhcpd_main 1518 1520 +2
udhcpc_main 2542 2544 +2
add_serverid_and_clientid_options 46 48 +2
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 7/0 up/down: 49/0) Total: 49 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
packed_usage 33891 33920 +29
dhcprelay_main 943 926 -17
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 29/-17) Total: 12 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
.rodata 104209 104238 +29
read_config 208 225 +17
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 46/0) Total: 46 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
packed_usage 33886 33891 +5
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
packed_usage 33522 33534 +12
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
...and we did not error-check it, and this is the only use of it:
function old new delta
inet_addr 37 - -37
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Even though it is _meant to be_ an IP address, in the wild servers sometimes
give bogus server ids, like 1.1.1.1
function old new delta
udhcpc_main 2551 2542 -9
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
perform_release 105 169 +64
perform_d6_release 259 262 +3
init_d6_packet 84 85 +1
send_d6_discover 286 285 -1
send_d6_select 128 126 -2
send_d6_renew 176 174 -2
send_d6_info_request 65 63 -2
udhcpc_main 2555 2551 -4
send_select 130 122 -8
send_renew 99 91 -8
send_discover 89 81 -8
udhcpc6_main 2636 2602 -34
send_release 74 - -74
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 3/9 up/down: 68/-143) Total: -75 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
add_serverid_and_clientid_options - 46 +46
send_decline 88 83 -5
perform_release 200 159 -41
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/2 up/down: 46/-46) Total: 0 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
"-x vendor:VENDOR" will not be a trivial replacement of it:
(1) by default, we do send a vendor string ("udhcp BB_VER"),
will need code to preserve the default.
(2) -V '' currently disables vendor string. -x vendor:''
would not easily achieve that: it adds no option at all
(string options can't be empty), and default (1) would trigger.
To avoid that, we will need yet another hack to detect
-x vendor:'' and interpret that as "no vendor string at all".
IOW: removing -V is likely to increase code size, not decrease.
function old new delta
udhcpc_main 2563 2555 -8
.rodata 103251 103198 -53
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-61) Total: -61 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Even following current Internet standards, it can be perfectly
legitimate to issue IPv4 addresses that end in .0 or .255 via DHCP --
this can happen whenever the network is larger than /8. For example,
10.3.4.0 and 10.3.4.255 are legitimate host addresses in 10/8 or 10.3/16.
(We also want to be able to issue .0 addresses in smaller networks
following our proposed kernel patch and standards changes.)
This behavior is already fully controllable by the user, simply by
setting start_ip and end_ip correctly. Users who don't want to issue
.0 or .255 should set start_ip greater than .0 or end_ip less than .255
and udhcpd will already respect these bounds. (This is also the case
for other DHCP servers -- the recommended example configurations will
default to a lower bound starting with .1 or some other value, which is
typically appropriate, but the user is still allowed to change this to
.0 -- or to a range that overlaps a .0 or .255 address -- if so desired.)
Signed-off-by: Seth David Schoen <schoen@loyalty.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
udhcpc6_main 2628 2636 +8
udhcpc_main 2556 2563 +7
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 15/0) Total: 15 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
d4_run_script - 739 +739
d4_recv_raw_packet - 484 +484
d4_run_script_deconfig - 12 +12
perform_release 207 200 -7
udhcpc_main 2598 2556 -42
udhcp_recv_raw_packet 484 - -484
udhcp_run_script 739 - -739
------------------------------------------------------------------------------
(add/remove: 3/2 grow/shrink: 0/2 up/down: 1235/-1272) Total: -37 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
.rodata 103249 103246 -3
arpping 437 420 -17
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-20) Total: -20 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
log1s - 15 +15
udhcp_recv_kernel_packet 134 125 -9
d6_recv_kernel_packet 118 109 -9
change_listen_mode 280 271 -9
send_packet 162 141 -21
udhcpc_main 2625 2598 -27
udhcpc6_main 2655 2628 -27
d6_recv_raw_packet 255 216 -39
udhcp_recv_raw_packet 562 484 -78
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/8 up/down: 15/-219) Total: -204 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This restores old behavior where we slept for 1/2 of lease, then tried renewing,
thel slept for 1/4 and tried again, etc. But now we will NOT be listening to
all packets for 1/2 of lease time, processing (rejecting) everyone else's
DHCP traffic.
We'll go back to bound state, where we have no listening socket at all.
function old new delta
udhcpc6_main 2600 2655 +55
udhcpc_main 2608 2625 +17
.rodata 103250 103249 -1
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 72/-1) Total: 71 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
change_listen_mode 299 280 -19
.rodata 103272 103250 -22
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-41) Total: -41 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
udhcpc_main 2566 2608 +42
.rodata 103248 103272 +24
udhcp_recv_raw_packet 559 562 +3
d6_recv_raw_packet 254 255 +1
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/0 up/down: 70/0) Total: 70 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
udhcpc6_main 2571 2600 +29
udhcpc_main 2588 2566 -22
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 29/-22) Total: 7 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
attach_option 253 276 +23
udhcpc_main 2582 2588 +6
udhcpc6_main 2579 2571 -8
add_client_options 175 158 -17
udhcp_insert_new_option 169 138 -31
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/3 up/down: 29/-56) Total: -27 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
udhcpc_main 2563 2582 +19
dhcp_option_strings 294 301 +7
dhcp_optflags 80 82 +2
.rodata 103250 103248 -2
udhcpc_longopts 252 241 -11
add_client_options 209 175 -34
alloc_dhcp_option 59 - -59
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 3/3 up/down: 28/-106) Total: -78 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
61:HEX option
client_data.vendorclass, .hostname and .fqdn probably need the same treatment:
just insert them into the list of -x opts, get rid of
if (client_data.vendorclass)
udhcp_add_binary_option(packet, client_data.vendorclass);
if (client_data.hostname)
udhcp_add_binary_option(packet, client_data.hostname);
if (client_data.fqdn)
udhcp_add_binary_option(packet, client_data.fqdn);
function old new delta
udhcp_insert_new_option - 166 +166
perform_release 171 207 +36
perform_d6_release 227 259 +32
udhcpc6_main 2558 2580 +22
init_d6_packet 103 84 -19
udhcpc_main 2585 2564 -21
attach_option 397 253 -144
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 3/3 up/down: 256/-184) Total: 72 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
As reported in bug 13776, before this fix the renew never times out.
function old new delta
udhcpc_main 2541 2585 +44
udhcpc6_main 2567 2558 -9
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 44/-9) Total: 35 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
udhcpc_main 2550 2541 -9
udhcpc6_main 2576 2567 -9
change_listen_mode 321 299 -22
.rodata 103294 103225 -69
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/4 up/down: 0/-109) Total: -109 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
seconds
This allows to fix a problem that we wait for renew replies
for up to half the lease (!!!) if they never come.
Make it so that lease of 60 seconds is not "rounded up" to 120 seconds -
set lower "sanity limit" to 30 seconds.
After 3 failed renew attempts, switch to rebind.
After this change, we can have more flexible choice of when to do
the first renew - does not need to be equal to lease / 2.
function old new delta
udhcpc6_main 2568 2576 +8
.rodata 103339 103294 -45
udhcpc_main 2609 2550 -59
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/2 up/down: 8/-104) Total: -96 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
advance the optionptr by two bytes, not one
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Discovered that the DHCP server on a TrendNet router (unknown model)
provides a zero-length option 12 (Host Name) in the DHCP ACK message. This
has the effect of causing udhcpc to drop the rest of the options, including
option 51 (IP Address Lease Time), 3 (Router), and 6 (Domain Name Server),
most importantly leaving the OpenWrt device with no default gateway.
The TrendNet behavior violates RFC 2132, which in Section 3.14 declares that
option 12 has a minimum length of 1 octet. It is perhaps not a cosmic coincidence
that I found this behavior on Pi Day.
This patch allows zero length options without bailing out, by simply skipping them.
function old new delta
udhcp_scan_options 183 172 -11
Signed-off-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
text data bss dec hex filename
1019916 559 5020 1025495 fa5d7 busybox_old
1019906 559 5020 1025485 fa5cd busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Before:
sending discover
sending select for 192.168.1.173
lease of 192.168.1.173 obtained, lease time 43200
sending renew to 192.168.1.1
lease of 192.168.1.173 obtained, lease time 43200
After:
broadcasting discover
broadcasting select for 192.168.1.173, server 192.168.1.1
lease of 192.168.1.173 obtained from 192.168.1.1, lease time 43200
sending renew to server 192.168.1.1
lease of 192.168.1.173 obtained from 192.168.1.1, lease time 43200
function old new delta
udhcpc_main 2580 2610 +30
send_select 104 130 +26
send_renew 82 99 +17
send_discover 94 89 -5
send_decline 93 88 -5
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/2 up/down: 73/-10) Total: 63 bytes
text data bss dec hex filename
1019732 559 5020 1025311 fa51f busybox_old
1019898 559 5020 1025477 fa5c5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
fputs_stdout - 12 +12
zxc_vm_process 7237 7230 -7
yes_main 85 78 -7
write_block 380 373 -7
wrapf 305 298 -7
strings_main 437 430 -7
show_bridge 353 346 -7
rev_main 384 377 -7
put_prompt_custom 58 51 -7
put_cur_glyph_and_inc_cursor 168 161 -7
print_numbered_lines 152 145 -7
print_named_ascii 130 123 -7
print_name 135 128 -7
print_login_issue 386 379 -7
print_ascii 208 201 -7
powertop_main 1249 1242 -7
od_main 1789 1782 -7
logread_main 518 511 -7
head_main 804 797 -7
display_process_list 1319 1312 -7
cut_main 1002 995 -7
bb_dump_dump 1550 1543 -7
bb_ask_noecho 393 386 -7
baseNUM_main 702 695 -7
expand_main 755 745 -10
dumpleases_main 497 487 -10
write1 12 - -12
putcsi 37 23 -14
print_login_prompt 55 41 -14
paste_main 525 511 -14
cat_main 440 426 -14
print_it 245 230 -15
print_addrinfo 1188 1171 -17
print_rule 770 750 -20
print_linkinfo 842 822 -20
httpd_main 791 771 -20
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 0/34 up/down: 12/-341) Total: -329 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Andre Kalb <Andre.Kalb@sma.de>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|