X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flibsystemd-network%2Fsd-dhcp-client.c;h=392e294ae43e27fe404c30c03542347e201eb99b;hp=0be6212a4f14953fbe4894ce39f6d2d393e233ae;hb=48a4612e6b67ae81b93ee8e8a4b3f8efa5324270;hpb=6a0f1f6d5af7c7300d3db7a0ba2b068f8abd222b;ds=inline diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c index 0be6212a4..392e294ae 100644 --- a/src/libsystemd-network/sd-dhcp-client.c +++ b/src/libsystemd-network/sd-dhcp-client.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include @@ -292,7 +293,7 @@ static int dhcp_client_send_raw(sd_dhcp_client *client, DHCPPacket *packet, } static int client_send_discover(sd_dhcp_client *client) { - _cleanup_free_ DHCPPacket *discover; + _cleanup_free_ DHCPPacket *discover = NULL; size_t optlen, len; uint8_t *opt; usec_t time_now; @@ -592,7 +593,7 @@ static int client_start(sd_dhcp_client *client) { client->xid = random_u32(); - r = dhcp_network_bind_raw_socket(client->index, &client->link); + r = dhcp_network_bind_raw_socket(client->index, &client->link, client->xid); if (r < 0) { client_stop(client, r); @@ -635,7 +636,7 @@ static int client_timeout_t2(sd_event_source *s, uint64_t usec, void *userdata) client->state = DHCP_STATE_REBINDING; client->attempt = 1; - r = dhcp_network_bind_raw_socket(client->index, &client->link); + r = dhcp_network_bind_raw_socket(client->index, &client->link, client->xid); if (r < 0) { client_stop(client, r); return 0; @@ -930,9 +931,8 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, assert(client->event); assert(message); - if (len < DHCP_MESSAGE_SIZE) { - log_dhcp_client(client, "message too small (%d bytes): " - "ignoring", len); + if (be32toh(message->magic) != DHCP_MAGIC_COOKIE) { + log_dhcp_client(client, "not a DHCP message: ignoring"); return 0; } @@ -948,6 +948,11 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, return 0; } + if (message->htype != ARPHRD_ETHER || message->hlen != ETHER_ADDR_LEN) { + log_dhcp_client(client, "not an ethernet packet"); + return 0; + } + if (memcmp(&message->chaddr[0], &client->client_id.mac_addr, ETH_ALEN)) { log_dhcp_client(client, "received chaddr does not match " @@ -1070,7 +1075,11 @@ static int client_receive_message_udp(sd_event_source *s, int fd, return -ENOMEM; len = read(fd, message, buflen); - if (len < 0) + if (len < 0) { + log_dhcp_client(client, "could not receive message from UDP " + "socket: %s", strerror(errno)); + return 0; + } else if ((size_t)len < sizeof(DHCPMessage)) return 0; return client_handle_message(client, message, len); @@ -1111,11 +1120,14 @@ static int client_receive_message_raw(sd_event_source *s, int fd, log_dhcp_client(client, "could not receive message from raw " "socket: %s", strerror(errno)); return 0; - } + } else if ((size_t)len < sizeof(DHCPPacket)) + return 0; for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { - if (cmsg->cmsg_level == SOL_PACKET && cmsg->cmsg_type == PACKET_AUXDATA) { - struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg); + if (cmsg->cmsg_level == SOL_PACKET && + cmsg->cmsg_type == PACKET_AUXDATA && + cmsg->cmsg_len == CMSG_LEN(sizeof(struct tpacket_auxdata))) { + struct tpacket_auxdata *aux = (struct tpacket_auxdata*)CMSG_DATA(cmsg); checksum = !(aux->tp_status & TP_STATUS_CSUMNOTREADY); break;