sd-dhcp-client: fix invalid free() in client_send_request()

[elogind.git] / src / libsystemd-network / sd-dhcp-client.c
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c

index 94235cf2f57d1a60ae479be27ccee1db59e28b55..2a46624f2e8c328e41c520e3377c96dd15f1c92d 100644 (file)
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -256,36 +256,55 @@ static sd_dhcp_client *client_stop(sd_dhcp_client *client, int error) {
          return client;
  }
  
          return client;
  }
  
-static int client_message_init(sd_dhcp_client *client, DHCPMessage *message,
-                               uint8_t type, uint8_t **opt, size_t *optlen) {
+static int client_message_init(sd_dhcp_client *client, DHCPPacket **ret,
+                               uint8_t type, size_t *_optlen, size_t *_optoffset) {
+        _cleanup_free_ DHCPPacket *packet;
+        size_t optlen, optoffset, size;
          be16_t max_size;
          int r;
  
          assert(client);
          assert(client->secs);
          be16_t max_size;
          int r;
  
          assert(client);
          assert(client->secs);
-        assert(message);
-        assert(opt);
-        assert(optlen);
+        assert(ret);
+        assert(_optlen);
+        assert(_optoffset);
          assert(type == DHCP_DISCOVER || type == DHCP_REQUEST);
  
          assert(type == DHCP_DISCOVER || type == DHCP_REQUEST);
  
-        r = dhcp_message_init(message, BOOTREQUEST, client->xid, type, opt,
-                              optlen);
+        optlen = DHCP_MIN_OPTIONS_SIZE;
+        size = sizeof(DHCPPacket) + optlen;
+
+        packet = malloc0(size);
+        if (!packet)
+                return -ENOMEM;
+
+        r = dhcp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, type,
+                              optlen, &optoffset);
          if (r < 0)
                  return r;
  
          /* Although 'secs' field is a SHOULD in RFC 2131, certain DHCP servers
             refuse to issue an DHCP lease if 'secs' is set to zero */
          if (r < 0)
                  return r;
  
          /* Although 'secs' field is a SHOULD in RFC 2131, certain DHCP servers
             refuse to issue an DHCP lease if 'secs' is set to zero */
-        message->secs = htobe16(client->secs);
+        packet->dhcp.secs = htobe16(client->secs);
+
+        /* RFC2132 section 4.1
+           A client that cannot receive unicast IP datagrams until its protocol
+           software has been configured with an IP address SHOULD set the
+           BROADCAST bit in the 'flags' field to 1 in any DHCPDISCOVER or
+           DHCPREQUEST messages that client sends.  The BROADCAST bit will
+           provide a hint to the DHCP server and BOOTP relay agent to broadcast
+           any messages to the client on the client's subnet. */
+        packet->dhcp.flags = htobe16(0x8000);
  
          /* RFC2132 section 4.1.1:
             The client MUST include its hardware address in the ’chaddr’ field, if
             necessary for delivery of DHCP reply messages.
           */
  
          /* RFC2132 section 4.1.1:
             The client MUST include its hardware address in the ’chaddr’ field, if
             necessary for delivery of DHCP reply messages.
           */
-        memcpy(&message->chaddr, &client->client_id.mac_addr, ETH_ALEN);
+        memcpy(&packet->dhcp.chaddr, &client->client_id.mac_addr, ETH_ALEN);
  
          /* Some DHCP servers will refuse to issue an DHCP lease if the Client
             Identifier option is not set */
  
          /* Some DHCP servers will refuse to issue an DHCP lease if the Client
             Identifier option is not set */
-        r = dhcp_option_append(opt, optlen, DHCP_OPTION_CLIENT_IDENTIFIER,
+        r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
+                               DHCP_OPTION_CLIENT_IDENTIFIER,
                                 sizeof(client->client_id), &client->client_id);
          if (r < 0)
                  return r;
                                 sizeof(client->client_id), &client->client_id);
          if (r < 0)
                  return r;
@@ -299,10 +318,9 @@ static int client_message_init(sd_dhcp_client *client, DHCPMessage *message,
             it MUST include that list in any subsequent DHCPREQUEST
             messages.
           */
             it MUST include that list in any subsequent DHCPREQUEST
             messages.
           */
-        r = dhcp_option_append(opt, optlen,
+        r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
                                 DHCP_OPTION_PARAMETER_REQUEST_LIST,
                                 DHCP_OPTION_PARAMETER_REQUEST_LIST,
-                               client->req_opts_size,
-                               client->req_opts);
+                               client->req_opts_size, client->req_opts);
          if (r < 0)
                  return r;
  
          if (r < 0)
                  return r;
  
@@ -314,14 +332,18 @@ static int client_message_init(sd_dhcp_client *client, DHCPMessage *message,
             than the defined default size unless the Maximum Messge Size option
             is explicitely set
           */
             than the defined default size unless the Maximum Messge Size option
             is explicitely set
           */
-        max_size = htobe16(DHCP_IP_UDP_SIZE + DHCP_MESSAGE_SIZE +
-                           DHCP_MIN_OPTIONS_SIZE);
-        r = dhcp_option_append(opt, optlen,
+        max_size = htobe16(size);
+        r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
                                 DHCP_OPTION_MAXIMUM_MESSAGE_SIZE,
                                 2, &max_size);
          if (r < 0)
                  return r;
  
                                 DHCP_OPTION_MAXIMUM_MESSAGE_SIZE,
                                 2, &max_size);
          if (r < 0)
                  return r;
  
+        *_optlen = optlen;
+        *_optoffset = optoffset;
+        *ret = packet;
+        packet = NULL;
+
          return 0;
  }
  
          return 0;
  }
  
@@ -336,8 +358,7 @@ static int dhcp_client_send_raw(sd_dhcp_client *client, DHCPPacket *packet,
  
  static int client_send_discover(sd_dhcp_client *client) {
          _cleanup_free_ DHCPPacket *discover = NULL;
  
  static int client_send_discover(sd_dhcp_client *client) {
          _cleanup_free_ DHCPPacket *discover = NULL;
-        size_t optlen, len;
-        uint8_t *opt;
+        size_t optoffset, optlen;
          usec_t time_now;
          int r;
  
          usec_t time_now;
          int r;
  
@@ -356,15 +377,8 @@ static int client_send_discover(sd_dhcp_client *client) {
           * must always be strictly positive to deal with broken servers */
          client->secs = ((time_now - client->start_time) / USEC_PER_SEC) ? : 1;
  
           * must always be strictly positive to deal with broken servers */
          client->secs = ((time_now - client->start_time) / USEC_PER_SEC) ? : 1;
  
-        optlen = DHCP_MIN_OPTIONS_SIZE;
-        len = sizeof(DHCPPacket) + optlen;
-
-        discover = malloc0(len);
-        if (!discover)
-                return -ENOMEM;
-
-        r = client_message_init(client, &discover->dhcp, DHCP_DISCOVER,
-                                &opt, &optlen);
+        r = client_message_init(client, &discover, DHCP_DISCOVER,
+                                &optlen, &optoffset);
          if (r < 0)
                  return r;
  
          if (r < 0)
                  return r;
  
@@ -375,22 +389,21 @@ static int client_send_discover(sd_dhcp_client *client) {
             option to suggest the lease time it would like.
           */
          if (client->last_addr != INADDR_ANY) {
             option to suggest the lease time it would like.
           */
          if (client->last_addr != INADDR_ANY) {
-                r = dhcp_option_append(&opt, &optlen,
-                                         DHCP_OPTION_REQUESTED_IP_ADDRESS,
-                                         4, &client->last_addr);
+                r = dhcp_option_append(&discover->dhcp, optlen, &optoffset, 0,
+                                       DHCP_OPTION_REQUESTED_IP_ADDRESS,
+                                       4, &client->last_addr);
                  if (r < 0)
                          return r;
          }
  
                  if (r < 0)
                          return r;
          }
  
-        r = dhcp_option_append(&opt, &optlen, DHCP_OPTION_END, 0, NULL);
-        if (r < 0)
-                return r;
+        r = dhcp_option_append(&discover->dhcp, optlen, &optoffset, 0,
+                               DHCP_OPTION_END, 0, NULL);
  
          /* We currently ignore:
             The client SHOULD wait a random time between one and ten seconds to
             desynchronize the use of DHCP at startup.
           */
  
          /* We currently ignore:
             The client SHOULD wait a random time between one and ten seconds to
             desynchronize the use of DHCP at startup.
           */
-        r = dhcp_client_send_raw(client, discover, len - optlen);
+        r = dhcp_client_send_raw(client, discover, sizeof(DHCPPacket) + optoffset);
          if (r < 0)
                  return r;
  
          if (r < 0)
                  return r;
  
@@ -400,20 +413,12 @@ static int client_send_discover(sd_dhcp_client *client) {
  }
  
  static int client_send_request(sd_dhcp_client *client) {
  }
  
  static int client_send_request(sd_dhcp_client *client) {
-        _cleanup_free_ DHCPPacket *request;
-        size_t optlen, len;
-        uint8_t *opt;
+        _cleanup_free_ DHCPPacket *request = NULL;
+        size_t optoffset, optlen;
          int r;
  
          int r;
  
-        optlen = DHCP_MIN_OPTIONS_SIZE;
-        len = sizeof(DHCPPacket) + optlen;
-
-        request = malloc0(len);
-        if (!request)
-                return -ENOMEM;
-
-        r = client_message_init(client, &request->dhcp, DHCP_REQUEST, &opt,
-                                &optlen);
+        r = client_message_init(client, &request, DHCP_REQUEST,
+                                &optlen, &optoffset);
          if (r < 0)
                  return r;
  
          if (r < 0)
                  return r;
  
@@ -428,13 +433,13 @@ static int client_send_request(sd_dhcp_client *client) {
                     filled in with the yiaddr value from the chosen DHCPOFFER.
                   */
  
                     filled in with the yiaddr value from the chosen DHCPOFFER.
                   */
  
-                r = dhcp_option_append(&opt, &optlen,
+                r = dhcp_option_append(&request->dhcp, optlen, &optoffset, 0,
                                         DHCP_OPTION_SERVER_IDENTIFIER,
                                         4, &client->lease->server_address);
                  if (r < 0)
                          return r;
  
                                         DHCP_OPTION_SERVER_IDENTIFIER,
                                         4, &client->lease->server_address);
                  if (r < 0)
                          return r;
  
-                r = dhcp_option_append(&opt, &optlen,
+                r = dhcp_option_append(&request->dhcp, optlen, &optoffset, 0,
                                         DHCP_OPTION_REQUESTED_IP_ADDRESS,
                                         4, &client->lease->address);
                  if (r < 0)
                                         DHCP_OPTION_REQUESTED_IP_ADDRESS,
                                         4, &client->lease->address);
                  if (r < 0)
@@ -447,7 +452,7 @@ static int client_send_request(sd_dhcp_client *client) {
                     option MUST be filled in with client’s notion of its previously
                     assigned address. ’ciaddr’ MUST be zero.
                   */
                     option MUST be filled in with client’s notion of its previously
                     assigned address. ’ciaddr’ MUST be zero.
                   */
-                r = dhcp_option_append(&opt, &optlen,
+                r = dhcp_option_append(&request->dhcp, optlen, &optoffset, 0,
                                         DHCP_OPTION_REQUESTED_IP_ADDRESS,
                                         4, &client->last_addr);
                  if (r < 0)
                                         DHCP_OPTION_REQUESTED_IP_ADDRESS,
                                         4, &client->last_addr);
                  if (r < 0)
@@ -480,7 +485,8 @@ static int client_send_request(sd_dhcp_client *client) {
                  return -EINVAL;
          }
  
                  return -EINVAL;
          }
  
-        r = dhcp_option_append(&opt, &optlen, DHCP_OPTION_END, 0, NULL);
+        r = dhcp_option_append(&request->dhcp, optlen, &optoffset, 0,
+                               DHCP_OPTION_END, 0, NULL);
          if (r < 0)
                  return r;
  
          if (r < 0)
                  return r;
  
@@ -489,9 +495,9 @@ static int client_send_request(sd_dhcp_client *client) {
                                                   client->lease->server_address,
                                                   DHCP_PORT_SERVER,
                                                   &request->dhcp,
                                                   client->lease->server_address,
                                                   DHCP_PORT_SERVER,
                                                   &request->dhcp,
-                                                 len - optlen - DHCP_IP_UDP_SIZE);
+                                                 sizeof(DHCPMessage) + optoffset);
          } else {
          } else {
-                r = dhcp_client_send_raw(client, request, len - optlen);
+                r = dhcp_client_send_raw(client, request, sizeof(DHCPPacket) + optoffset);
          }
          if (r < 0)
                  return r;
          }
          if (r < 0)
                  return r;
@@ -1189,8 +1195,12 @@ static int client_receive_message_udp(sd_event_source *s, int fd,
          assert(client);
  
          r = ioctl(fd, FIONREAD, &buflen);
          assert(client);
  
          r = ioctl(fd, FIONREAD, &buflen);
-        if (r < 0 || buflen <= 0)
-                buflen = sizeof(DHCPMessage) + DHCP_MIN_OPTIONS_SIZE;
+        if (r < 0)
+                return r;
+
+        if (buflen < 0)
+                /* this can't be right */
+                return -EIO;
  
          message = malloc0(buflen);
          if (!message)
  
          message = malloc0(buflen);
          if (!message)
@@ -1199,7 +1209,7 @@ static int client_receive_message_udp(sd_event_source *s, int fd,
          len = read(fd, message, buflen);
          if (len < 0) {
                  log_dhcp_client(client, "could not receive message from UDP "
          len = read(fd, message, buflen);
          if (len < 0) {
                  log_dhcp_client(client, "could not receive message from UDP "
-                                "socket: %s", strerror(errno));
+                                "socket: %m");
                  return 0;
          } else if ((size_t)len < sizeof(DHCPMessage))
                  return 0;
                  return 0;
          } else if ((size_t)len < sizeof(DHCPMessage))
                  return 0;
@@ -1227,8 +1237,12 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
          assert(client);
  
          r = ioctl(fd, FIONREAD, &buflen);
          assert(client);
  
          r = ioctl(fd, FIONREAD, &buflen);
-        if (r < 0 || buflen <= 0)
-                buflen = sizeof(DHCPPacket) + DHCP_MIN_OPTIONS_SIZE;
+        if (r < 0)
+                return r;
+
+        if (buflen < 0)
+                /* this can't be right */
+                return -EIO;
  
          packet = malloc0(buflen);
          if (!packet)
  
          packet = malloc0(buflen);
          if (!packet)
@@ -1240,7 +1254,7 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
          len = recvmsg(fd, &msg, 0);
          if (len < 0) {
                  log_dhcp_client(client, "could not receive message from raw "
          len = recvmsg(fd, &msg, 0);
          if (len < 0) {
                  log_dhcp_client(client, "could not receive message from raw "
-                                "socket: %s", strerror(errno));
+                                "socket: %m");
                  return 0;
          } else if ((size_t)len < sizeof(DHCPPacket))
                  return 0;
                  return 0;
          } else if ((size_t)len < sizeof(DHCPPacket))
                  return 0;