Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/dhcpcd/dist Import dhcpcd-6.4.6 with the follow...
details: https://anonhg.NetBSD.org/src/rev/e7da9c24a801
branches: trunk
changeset: 332543:e7da9c24a801
user: roy <roy%NetBSD.org@localhost>
date: Sat Sep 27 01:14:51 2014 +0000
description:
Import dhcpcd-6.4.6 with the following changes:
* Detect removal of IPv6 routes
* Don't add link-local addresses to POINTOPOINT interfaces
* Don't discard expired DHCPv6 leases when dumping them
* If a DHCPv6 lease has no timers, expire it right away
* Report delegated addresses
* Call dhcpcd-run-hooks correctly when delegated prefixes already exist
* Fix a memory error when ia_* config exists but IPv6 is disabled
* Ensure servername and bootfile are safely exported
* Sanitise the following characters using svis(3) with VIS_CTYLE and
VIS_OCTAL:
| ^ & ; < > ( ) $ ` \ " ' <tab> <newline>
This allows a non buggy unvis(1) to decode it 100% and stays compatible
with how dhcpcd used to handle encoding on most platforms.
For systems that supply svis(3) there is a code reduction, for systems
that do not, a slight code increase. This change mitigates systems
affected by bash CVE-2014-6271 and CVE-2014-7169.
diffstat:
external/bsd/dhcpcd/dist/config.h | 3 +-
external/bsd/dhcpcd/dist/defs.h | 4 +-
external/bsd/dhcpcd/dist/dhcp-common.c | 73 +++++++++-----------
external/bsd/dhcpcd/dist/dhcp6.c | 113 ++++++++++++++++++++++++--------
external/bsd/dhcpcd/dist/ipv6.c | 29 +++++++-
external/bsd/dhcpcd/dist/ipv6.h | 3 +-
6 files changed, 149 insertions(+), 76 deletions(-)
diffs (truncated from 446 to 300 lines):
diff -r f81fead6022c -r e7da9c24a801 external/bsd/dhcpcd/dist/config.h
--- a/external/bsd/dhcpcd/dist/config.h Fri Sep 26 23:57:26 2014 +0000
+++ b/external/bsd/dhcpcd/dist/config.h Sat Sep 27 01:14:51 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: config.h,v 1.1.1.26 2014/06/14 20:51:06 roy Exp $ */
+/* $NetBSD: config.h,v 1.1.1.27 2014/09/27 01:14:55 roy Exp $ */
/* netbsd */
#define SYSCONFDIR "/etc"
@@ -7,6 +7,7 @@
#define LIBEXECDIR "/libexec"
#define DBDIR "/var/db"
#define RUNDIR "/var/run"
+#define HAVE_VIS_H
#define HAVE_SPAWN_H
#define HAVE_MD5_H
#define SHA2_H <sha2.h>
diff -r f81fead6022c -r e7da9c24a801 external/bsd/dhcpcd/dist/defs.h
--- a/external/bsd/dhcpcd/dist/defs.h Fri Sep 26 23:57:26 2014 +0000
+++ b/external/bsd/dhcpcd/dist/defs.h Sat Sep 27 01:14:51 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: defs.h,v 1.1.1.43 2014/09/18 20:43:58 roy Exp $ */
+/* $NetBSD: defs.h,v 1.1.1.44 2014/09/27 01:14:55 roy Exp $ */
/*
* dhcpcd - DHCP client daemon
@@ -30,7 +30,7 @@
#define CONFIG_H
#define PACKAGE "dhcpcd"
-#define VERSION "6.4.5"
+#define VERSION "6.4.6"
#ifndef CONFIG
# define CONFIG SYSCONFDIR "/" PACKAGE ".conf"
diff -r f81fead6022c -r e7da9c24a801 external/bsd/dhcpcd/dist/dhcp-common.c
--- a/external/bsd/dhcpcd/dist/dhcp-common.c Fri Sep 26 23:57:26 2014 +0000
+++ b/external/bsd/dhcpcd/dist/dhcp-common.c Sat Sep 27 01:14:51 2014 +0000
@@ -1,5 +1,5 @@
#include <sys/cdefs.h>
- __RCSID("$NetBSD: dhcp-common.c,v 1.1.1.8 2014/09/16 22:23:18 roy Exp $");
+ __RCSID("$NetBSD: dhcp-common.c,v 1.1.1.9 2014/09/27 01:14:51 roy Exp $");
/*
* dhcpcd - DHCP client daemon
@@ -39,6 +39,11 @@
#include <unistd.h>
#include "config.h"
+
+#ifdef HAVE_VIS_H
+#include <vis.h>
+#endif
+
#include "common.h"
#include "dhcp-common.h"
#include "dhcp.h"
@@ -294,14 +299,28 @@
return (ssize_t)count;
}
+/*
+ * Escape these characters to avoid any nastiness passing to a POSIX shell.
+ * See IEEE Std 1003.1, 2004 Shell Command Language, 2.2 Quoting
+ * space is not escaped.
+ */
+#define ESCAPE_CHARS "|&;<>()$`\\\"'\t\n"
+
+/*
+ * Prints a chunk of data to a string.
+ * Escapes some characters defnined above to try and avoid any loopholes
+ * in the shell we're passing to.
+ * Any non visible characters are escaped as an octal number.
+ */
ssize_t
print_string(char *s, size_t len, const uint8_t *data, size_t dl)
{
uint8_t c;
const uint8_t *e, *p;
- ssize_t bytes = 0;
- ssize_t r;
+ size_t bytes;
+ char v[5], *vp, *ve;
+ bytes = 0;
e = data + dl;
while (data < e) {
c = *data++;
@@ -313,51 +332,25 @@
if (p == e)
break;
}
- if (!isascii(c) || !isprint(c)) {
- if (s) {
- if (len < 5) {
- errno = ENOBUFS;
- return -1;
- }
- r = snprintf(s, len, "\\%03o", c);
- len -= (size_t)r;
- bytes += r;
- s += r;
- } else
- bytes += 4;
- continue;
+ ve = svis(v, c, VIS_CSTYLE | VIS_OCTAL,
+ data <= e ? *data : 0, ESCAPE_CHARS);
+ if (s && len < (size_t)(ve - v) + 1) {
+ errno = ENOBUFS;
+ return -1;
}
- switch (c) {
- case '"': /* FALLTHROUGH */
- case '\'': /* FALLTHROUGH */
- case '$': /* FALLTHROUGH */
- case '`': /* FALLTHROUGH */
- case '\\': /* FALLTHROUGH */
- case '|': /* FALLTHROUGH */
- case '&':
- if (s) {
- if (len < 3) {
- errno = ENOBUFS;
- return -1;
- }
- *s++ = '\\';
- len--;
- }
- bytes++;
- break;
+ bytes += (size_t)(ve - v);
+ if (s) {
+ vp = v;
+ while (vp != ve)
+ *s++ = *vp++;
}
- if (s) {
- *s++ = (char)c;
- len--;
- }
- bytes++;
}
/* NULL */
if (s)
*s = '\0';
bytes++;
- return bytes;
+ return (ssize_t)bytes;
}
#define ADDRSZ 4
diff -r f81fead6022c -r e7da9c24a801 external/bsd/dhcpcd/dist/dhcp6.c
--- a/external/bsd/dhcpcd/dist/dhcp6.c Fri Sep 26 23:57:26 2014 +0000
+++ b/external/bsd/dhcpcd/dist/dhcp6.c Sat Sep 27 01:14:51 2014 +0000
@@ -1,5 +1,5 @@
#include <sys/cdefs.h>
- __RCSID("$NetBSD: dhcp6.c,v 1.1.1.15 2014/09/18 20:43:56 roy Exp $");
+ __RCSID("$NetBSD: dhcp6.c,v 1.1.1.16 2014/09/27 01:14:55 roy Exp $");
/*
* dhcpcd - DHCP client daemon
@@ -1171,7 +1171,7 @@
TAILQ_FOREACH(ap, &state->addrs, next) {
if (ap->flags & IPV6_AF_ADDED &&
!(ap->flags & IPV6_AF_DADCOMPLETED))
- return 0;
+ return 0;
}
return 1;
}
@@ -1494,7 +1494,7 @@
dhcp6_freedrop_addrs(ifp, 1, NULL);
dhcp6_delete_delegates(ifp);
script_runreason(ifp, "EXPIRE6");
- if (ipv6nd_hasradhcp(ifp))
+ if (ipv6nd_hasradhcp(ifp) || dhcp6_hasprefixdelegation(ifp))
dhcp6_startdiscover(ifp);
else
syslog(LOG_WARNING,
@@ -2061,7 +2061,9 @@
if (fd == -1)
goto ex;
- if (state->expire != ND6_INFINITE_LIFETIME) {
+ if (!(ifp->ctx->options & DHCPCD_DUMPLEASE) &&
+ state->expire != ND6_INFINITE_LIFETIME)
+ {
gettimeofday(&now, NULL);
if ((time_t)state->expire < now.tv_sec - st.st_mtime) {
syslog(LOG_DEBUG,"%s: discarding expired lease",
@@ -2219,6 +2221,39 @@
}
static void
+dhcp6_script_try_run(struct interface *ifp)
+{
+ struct dhcp6_state *state;
+ struct ipv6_addr *ap;
+ int completed;
+
+ state = D6_STATE(ifp);
+ if (!TAILQ_FIRST(&state->addrs))
+ return;
+
+ completed = 1;
+ /* If all addresses have completed DAD run the script */
+ TAILQ_FOREACH(ap, &state->addrs, next) {
+ if (ap->flags & IPV6_AF_ONLINK) {
+ if (!(ap->flags & IPV6_AF_DADCOMPLETED) &&
+ ipv6_findaddr(ap->iface, &ap->addr))
+ ap->flags |= IPV6_AF_DADCOMPLETED;
+ if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0) {
+ completed = 0;
+ break;
+ }
+ }
+ }
+ if (completed) {
+ script_runreason(ifp, state->reason);
+ dhcpcd_daemonise(ifp->ctx);
+ } else
+ syslog(LOG_DEBUG,
+ "%s: waiting for DHCPv6 DAD to complete",
+ ifp->name);
+}
+
+static void
dhcp6_delegate_prefix(struct interface *ifp)
{
struct if_options *ifo;
@@ -2317,6 +2352,7 @@
if (k && !carrier_warned) {
ifd_state = D6_STATE(ifd);
ipv6_addaddrs(&ifd_state->addrs);
+ dhcp6_script_try_run(ifd);
}
}
}
@@ -2381,6 +2417,7 @@
state->state = DH6S_DELEGATED;
ipv6_addaddrs(&state->addrs);
ipv6_buildroutes(ifp->ctx);
+ dhcp6_script_try_run(ifp);
}
return k;
}
@@ -2790,13 +2827,13 @@
if (state->renew == 0) {
if (state->expire == ND6_INFINITE_LIFETIME)
state->renew = ND6_INFINITE_LIFETIME;
- else
+ else if (state->lowpl != ND6_INFINITE_LIFETIME)
state->renew = (uint32_t)(state->lowpl * 0.5);
}
if (state->rebind == 0) {
if (state->expire == ND6_INFINITE_LIFETIME)
state->rebind = ND6_INFINITE_LIFETIME;
- else
+ else if (state->lowpl != ND6_INFINITE_LIFETIME)
state->rebind = (uint32_t)(state->lowpl * 0.8);
}
break;
@@ -2830,7 +2867,7 @@
if (state->rebind && state->rebind != ND6_INFINITE_LIFETIME)
eloop_timeout_add_sec(ifp->ctx->eloop,
(time_t)state->rebind, dhcp6_startrebind, ifp);
- if (state->expire && state->expire != ND6_INFINITE_LIFETIME)
+ if (state->expire != ND6_INFINITE_LIFETIME)
eloop_timeout_add_sec(ifp->ctx->eloop,
(time_t)state->expire, dhcp6_startexpire, ifp);
@@ -2846,29 +2883,12 @@
"%s: renew in %"PRIu32" seconds,"
" rebind in %"PRIu32" seconds",
ifp->name, state->renew, state->rebind);
+ else if (state->expire == 0)
+ syslog(has_new ? LOG_INFO : LOG_DEBUG,
+ "%s: will expire", ifp->name);
ipv6_buildroutes(ifp->ctx);
dhcp6_writelease(ifp);
-
- len = 1;
- /* If all addresses have completed DAD run the script */
- TAILQ_FOREACH(ap, &state->addrs, next) {
- if (ap->flags & IPV6_AF_ONLINK) {
- if (!(ap->flags & IPV6_AF_DADCOMPLETED) &&
- ipv6_findaddr(ap->iface, &ap->addr))
- ap->flags |= IPV6_AF_DADCOMPLETED;
- if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0) {
- len = 0;
- break;
- }
- }
- }
- if (len) {
- script_runreason(ifp, state->reason);
- dhcpcd_daemonise(ifp->ctx);
- } else
- syslog(LOG_DEBUG,
- "%s: waiting for DHCPv6 DAD to complete",
Home |
Main Index |
Thread Index |
Old Index