git.decadent.org.uk Git - odhcp6c.git/log
Steven Barth [Thu, 28 Jan 2016 15:59:12 +0000 (16:59 +0100)]
Merge pull request #41 from bwhacks/security-fixes
Security fixes
Ben Hutchings [Thu, 28 Jan 2016 02:09:47 +0000 (02:09 +0000)]
Add missing option length checks in dhcpv6_handle_advert
These might be redundant with checks elsewhere but it's better to be
safe.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 01:44:10 +0000 (01:44 +0000)]
Fix potential log forgery via status string
We should not include any control characters from the server status
message when logging it; in particular if we include '\n' this could
result in additional arbitrary log lines. In dhcpv6_log_status_code,
replace all control characters with '?'.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
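
The sanitising step described in this commit message, as an added example that is not taken from the odhcp6c source. The function name `sanitize_status`, the buffer sizes and the sample message are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not odhcp6c's code): copy a length-delimited status
 * message from the wire into out[cap], replacing every control character,
 * including '\n', '\r' and an embedded NUL, with '?'.
 * Returns the number of bytes stored, excluding the terminator. */
static size_t sanitize_status(char *out, size_t cap,
                              const uint8_t *msg, size_t msg_len)
{
    size_t n, i;

    if (cap == 0)
        return 0;
    /* The wire message is not NUL-terminated; bound it by both lengths. */
    n = msg_len < cap - 1 ? msg_len : cap - 1;
    for (i = 0; i < n; i++)
        out[i] = iscntrl(msg[i]) ? '?' : (char)msg[i];
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed status message that tries to start a second log line. */
    static const uint8_t msg[] =
        "NoBinding\nJan  1 00:00:00 gw daemon: forged entry";
    char line[128];

    sanitize_status(line, sizeof(line), msg, sizeof(msg) - 1);
    /* The log record stays on one line; the '\n' is shown as '?'. */
    printf("Server returned status: %s\n", line);
    return 0;
}
```
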
Ben Hutchings [Thu, 28 Jan 2016 01:28:32 +0000 (01:28 +0000)]
Check for unsupported PD exclusion configuration in dhcpv6_parse_ia
We currently only support PD exclusions that only affect bits 64-95 of
the address, so we require:
32 <= PD prefix length < exclusion prefix length <= 64
The first inequality was not validated, and this could result in a
buffer overflow when generating the next request message.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 01:16:31 +0000 (01:16 +0000)]
Fix memory leak in dhcpv6_add_server_cand in case odhcp6c_insert_state fails
If we fail to store information from the new server, the associated
NA and PD options will never be freed. An attacker could use this
for denial-of-service.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 01:14:04 +0000 (01:14 +0000)]
Change odhcp6c_insert_state to return a success/failure indicator
Some callers will need to free resources on failure.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Thu, 28 Jan 2016 00:49:22 +0000 (00:49 +0000)]
Fix possible stack buffer overflow in s46_to_env when copying IPv6 prefixes
An 8-bit prefix-length field can be as large as 255, but values larger
than 128 will result in a buffer overflow when copying to in6.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
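
A bounds-checked prefix copy of the kind this commit message calls for, as an added example that is not taken from the odhcp6c source. The function name `copy_prefix` and its parameters are assumptions; it also checks the remaining option length and clears host bits, which goes beyond the single check the message describes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <netinet/in.h>

/* Hypothetical helper (not odhcp6c's code): copy a variable-length IPv6
 * prefix from option data into *out.
 * Returns the number of bytes consumed from data, or -1 if malformed. */
static int copy_prefix(struct in6_addr *out, const uint8_t *data,
                       size_t avail, uint8_t prefix_len)
{
    size_t bytes = ((size_t)prefix_len + 7) / 8;

    /* An 8-bit field can hold up to 255, but in6_addr is only 128 bits. */
    if (prefix_len > 128)
        return -1;
    /* The option must actually contain the bytes the length claims. */
    if (bytes > avail)
        return -1;

    memset(out, 0, sizeof(*out));
    memcpy(out, data, bytes);
    /* Clear host bits in the last, partially used byte. */
    if (prefix_len % 8)
        out->s6_addr[bytes - 1] &= (uint8_t)(0xff << (8 - prefix_len % 8));
    return (int)bytes;
}

int main(void)
{
    uint8_t wire[32];               /* constructed option payload */
    struct in6_addr in6;

    memset(wire, 0xff, sizeof(wire));
    /* 255 would need 32 bytes and overflow the 16-byte in6; it is rejected. */
    return copy_prefix(&in6, wire, sizeof(wire), 255) == -1 ? 0 : 1;
}
```
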
Ben Hutchings [Fri, 22 Jan 2016 19:07:52 +0000 (19:07 +0000)]
Fix off-by-one in buffer length in int_to_env
We need to allow for '=', negative sign, 10 digits and the null
terminator, adding up to 13 bytes not 12.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ben Hutchings [Fri, 22 Jan 2016 18:02:04 +0000 (18:02 +0000)]
Fix potential buffer overflow in entry_to_env
It appears that an entry of type ENTRY_PREFIX with iaid != 1 and an
exclusion can expand to a string of length up to 154 bytes, whereas we
allocate only 144 bytes per entry.
Also, in case of truncation, snprintf() returns the length of the
un-truncated output so we must not use this to increment buf_len.
Finally some of the lengths given to snprintf() are unnecessarily
generous. Reduce them so we don't have to increase the allocated
length per entry further.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
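
The snprintf() truncation point made in this commit message, as an added example that is not taken from the odhcp6c source. The helper name `append_checked`, the 16-byte buffer and the sample strings are assumptions chosen to force a truncation.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not odhcp6c's code): append formatted text at
 * buf[*len] without ever advancing *len past what was really stored.
 * The unsafe pattern is `len += snprintf(buf + len, cap - len, ...)`:
 * on truncation snprintf() returns the un-truncated length, so len ends
 * up beyond the buffer and the next write lands out of bounds.
 * Returns 0 on success, -1 if the text did not fit (buf is left as before). */
static int append_checked(char *buf, size_t cap, size_t *len,
                          const char *fmt, ...)
{
    va_list ap;
    int n;

    if (*len >= cap)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(buf + *len, cap - *len, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= cap - *len) {
        buf[*len] = '\0';           /* discard the partial write */
        return -1;
    }
    *len += (size_t)n;
    return 0;
}

int main(void)
{
    char buf[16];                   /* deliberately small, constructed case */
    size_t len = 0;

    append_checked(buf, sizeof(buf), &len, "%s/%d", "2001:db8::", 56);
    if (append_checked(buf, sizeof(buf), &len, ",excluded=%s/%d",
                       "2001:db8:0:1::", 64) < 0)
        printf("entry truncated, kept %zu bytes: %s\n", strlen(buf), buf);
    return 0;
}
```
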
Ben Hutchings [Fri, 22 Jan 2016 20:15:31 +0000 (20:15 +0000)]
Avoid copying buffer after dn_expand() fails
If dn_expand() returns an error we could copy from an uninitialised
output buffer or append the previous domain name again.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Steven Barth [Tue, 26 Jan 2016 19:29:01 +0000 (20:29 +0100)]
Merge pull request #40 from dedeckeh/bugfixes
script: Launch script with correct action if last script call is terminated
Hans Dedecker [Tue, 26 Jan 2016 08:20:33 +0000 (09:20 +0100)]
script: Launch script with correct action if last script call is terminated
Actions launched as resume will be used in a next script_call
if the new action is not marked as resume even when the previous
script run was already terminated.
This behavior is particularly visible when an RA is received, as
the script will run with action bound and not ra-updated,
resulting in a wan6 interface down/up transition.
Steven Barth [Mon, 27 Jul 2015 13:39:11 +0000 (15:39 +0200)]
odhcp6c: sync and accumulate RA & DHCPv6 events correctly
Steven Barth [Mon, 13 Jul 2015 14:15:52 +0000 (16:15 +0200)]
Merge pull request #37 from themiron/master
Avoid solicit for zero-length prefix
Vladislav Grishenko [Mon, 13 Jul 2015 13:12:41 +0000 (18:12 +0500)]
Merge branch 'upstream'
Steven Barth [Mon, 13 Jul 2015 10:38:42 +0000 (12:38 +0200)]
dhcpv6: remove dead code
Vladislav Grishenko [Sun, 12 Jul 2015 12:02:30 +0000 (17:02 +0500)]
Avoid solicit for zero-length prefix
Steven Barth [Tue, 9 Jun 2015 12:04:59 +0000 (14:04 +0200)]
dhcpv6: clear CUSTOM_OPTS in a more sane manner
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Sat, 16 May 2015 07:28:01 +0000 (09:28 +0200)]
Fix LW4over6 parameter handling
Steven Barth [Sat, 25 Apr 2015 16:49:59 +0000 (18:49 +0200)]
Merge pull request #33 from themiron/master
Avoid waiting for Advertise in stateless-only mode
Vladislav Grishenko [Sat, 25 Apr 2015 15:52:57 +0000 (20:52 +0500)]
Avoid waiting for Advertise in stateless-only mode
Start with Information-request when configured not to ask for
IA_NA/IA_PD. This allows the exchange to complete using only
two messages instead of four, and fixes an infinite Advertise
waiting loop with servers that just ignore Solicit messages.
Steven Barth [Mon, 20 Apr 2015 09:59:56 +0000 (11:59 +0200)]
Fixup INF_MAX_RT for RFC 3315 as well
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Mon, 20 Apr 2015 09:16:21 +0000 (11:16 +0200)]
Fix SOL_MAX_RT default value to match RFC 3315
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Wed, 15 Apr 2015 13:02:55 +0000 (15:02 +0200)]
example: actually chmod new resolv.conf after overwriting
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Wed, 15 Apr 2015 12:55:57 +0000 (14:55 +0200)]
ra: avoid saving an empty search domain entry
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Tue, 14 Apr 2015 06:24:44 +0000 (08:24 +0200)]
scan-code fixes
Steven Barth [Mon, 13 Apr 2015 12:48:52 +0000 (14:48 +0200)]
Improve handling of DNS search domains
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Sun, 12 Apr 2015 12:02:59 +0000 (14:02 +0200)]
Fix odhcp6c_find_entry
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Sun, 12 Apr 2015 07:15:22 +0000 (09:15 +0200)]
Remove obsolete prefix class support
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Fri, 10 Apr 2015 11:31:56 +0000 (13:31 +0200)]
Sanitize RA values less
Steven Barth [Fri, 10 Apr 2015 11:19:44 +0000 (13:19 +0200)]
Pass ICMP configuration to user-space instead of directly applying it
Steven Barth [Thu, 9 Apr 2015 08:16:02 +0000 (10:16 +0200)]
Update README
Steven Barth [Thu, 9 Apr 2015 07:51:39 +0000 (09:51 +0200)]
script: don't resolve AFTR since DNS won't be applied yet anyway
Signed-off-by: Steven Barth <steven@midlink.org>
John Crispin [Sat, 28 Mar 2015 16:58:44 +0000 (17:58 +0100)]
properly handle return codes
Signed-off-by: John Crispin <blogic@openwrt.org>
Felix Fietkau [Sun, 29 Mar 2015 02:35:17 +0000 (04:35 +0200)]
ra: use proper struct msghdr initializer to fix build error on musl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Steven Barth [Wed, 25 Mar 2015 18:23:59 +0000 (19:23 +0100)]
make route metric more compatible with linux defaults
Steven Barth [Wed, 11 Mar 2015 09:06:54 +0000 (10:06 +0100)]
Get rid of getifaddrs for interface ID detection
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Tue, 17 Feb 2015 17:43:35 +0000 (18:43 +0100)]
Merge pull request #30 from themiron/master
Fix handling of DHCPv6 replies containing unrequested IA_NA/IA_PD options
Vladislav Grishenko [Tue, 17 Feb 2015 17:28:45 +0000 (22:28 +0500)]
Fix handling of DHCPv6 replies containing unrequested IA_NA/IA_PD options
Steven Barth [Tue, 17 Feb 2015 13:41:04 +0000 (14:41 +0100)]
example: prevent script from running in parallel to avoid races
Steven Barth [Tue, 13 Jan 2015 08:36:42 +0000 (09:36 +0100)]
set default information refresh time to 86400 as per RFC 4242
Steven Barth [Tue, 6 Jan 2015 13:29:47 +0000 (14:29 +0100)]
README: adjust for a bit of feature creep
Steven Barth [Wed, 31 Dec 2014 14:49:47 +0000 (15:49 +0100)]
Merge pull request #28 from janakj/master
Minor help string clarification for client-ID
Jan Janak [Wed, 31 Dec 2014 14:22:35 +0000 (15:22 +0100)]
Minor help string clarification for client-ID
Document that the value of -c must be a 16-bit type (network byte order) followed by a client-ID value.
For example, to use a UUID based client-ID (type 4, RFC 6355) one could use the following cmdline option:
-c0004<128_bit_uuid_in_hex>
Steven Barth [Wed, 10 Dec 2014 10:40:40 +0000 (11:40 +0100)]
Avoid sending empty DHCPv6 release messages
Steven Barth [Wed, 10 Dec 2014 10:38:20 +0000 (11:38 +0100)]
Don't apply excess filter to DHCPv6 and unify odhcp6c_update_entry
Steven Barth [Sun, 30 Nov 2014 19:25:45 +0000 (20:25 +0100)]
More compatibility with non RFC-compliant servers
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Fri, 28 Nov 2014 09:20:35 +0000 (10:20 +0100)]
Cleanup pidfile-generation
Steven Barth [Fri, 28 Nov 2014 00:36:44 +0000 (01:36 +0100)]
Be less picky when erroring out due to strange IA status-codes
Steven Barth [Fri, 28 Nov 2014 00:29:59 +0000 (01:29 +0100)]
Fix initial delay of SOLICIT message
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Tue, 18 Nov 2014 09:36:06 +0000 (10:36 +0100)]
Fix msghdr initialization on musl
Steven Barth [Tue, 18 Nov 2014 09:25:22 +0000 (10:25 +0100)]
Be less verbose by default and add -v flag
Steven Barth [Thu, 13 Nov 2014 11:54:54 +0000 (12:54 +0100)]
update cer-id definition
Steven Barth [Sat, 25 Oct 2014 10:37:01 +0000 (12:37 +0200)]
softwires: avoid unnecessary allocations
sbyx [Fri, 10 Oct 2014 14:25:10 +0000 (16:25 +0200)]
Merge pull request #24 from themiron/master
Fix parsing empty IA_NA, IA_PD and invalid IA_ADDR options
Vladislav Grishenko [Fri, 10 Oct 2014 12:18:42 +0000 (18:18 +0600)]
Fix parsing empty IA_NA, IA_PD and invalid IA_ADDR options
sbyx [Wed, 8 Oct 2014 13:59:44 +0000 (15:59 +0200)]
Merge pull request #23 from dedeckeh/bugfixes
odhcp6c: Set bound state true before script_call in stateful mode
Hans Dedecker [Wed, 8 Oct 2014 13:43:21 +0000 (15:43 +0200)]
odhcp6c: Set bound state true before script_call in stateful mode
Steven Barth [Wed, 8 Oct 2014 13:02:27 +0000 (15:02 +0200)]
script: don't leak IA_PD / IA_NA if not yet bound
Steven Barth [Wed, 8 Oct 2014 09:57:07 +0000 (11:57 +0200)]
Ensure signal-safety of signal handlers
Steven Barth [Mon, 6 Oct 2014 08:29:43 +0000 (10:29 +0200)]
Export DHCPv6 server address to env
Steven Barth [Sat, 27 Sep 2014 16:54:43 +0000 (18:54 +0200)]
Send RS alternatingly with and without source MAC
Steven Barth [Mon, 25 Aug 2014 06:08:56 +0000 (08:08 +0200)]
Enable softwire-support by default
Steven Barth [Fri, 22 Aug 2014 14:09:34 +0000 (16:09 +0200)]
Also test for correct IA-ID for IA_NA
Steven Barth [Fri, 22 Aug 2014 14:07:37 +0000 (16:07 +0200)]
ia_na: use big-endian 1 as IAID
Steven Barth [Wed, 13 Aug 2014 11:30:42 +0000 (13:30 +0200)]
Remove BFD from master-branch (kept in BFD-branch)
Steven Barth [Mon, 21 Jul 2014 10:10:38 +0000 (12:10 +0200)]
Send router solicitations with source link-layer address
Steven Barth [Fri, 30 May 2014 14:51:22 +0000 (16:51 +0200)]
Filter FQDN as well
Steven Barth [Fri, 30 May 2014 14:49:05 +0000 (16:49 +0200)]
Improve filter
Steven Barth [Fri, 23 May 2014 06:29:34 +0000 (08:29 +0200)]
filter DNS-domain from passthru
Steven Barth [Fri, 23 May 2014 06:15:49 +0000 (08:15 +0200)]
Add support for DHCPv6 option passthru
Steven Barth [Thu, 8 May 2014 09:12:43 +0000 (11:12 +0200)]
Add MAPE / MAPT / LW4O6 to Readme
Steven Barth [Thu, 8 May 2014 09:06:32 +0000 (11:06 +0200)]
softwire: fix DMR parsing
Steven Barth [Wed, 30 Apr 2014 15:49:32 +0000 (17:49 +0200)]
Fix compiler warning
Steven Barth [Wed, 30 Apr 2014 15:46:02 +0000 (17:46 +0200)]
MAP: export type value in rules
Steven Barth [Wed, 30 Apr 2014 15:39:15 +0000 (17:39 +0200)]
Fix MAP parameter parsing
Steven Barth [Mon, 28 Apr 2014 17:39:10 +0000 (19:39 +0200)]
Ignore multiple MAP-E instances for now and output DMR / BR for every rule
Steven Barth [Mon, 28 Apr 2014 09:37:13 +0000 (11:37 +0200)]
Initial support for MAP & LW4O6 provisioning
Steven Barth [Wed, 9 Apr 2014 06:56:01 +0000 (08:56 +0200)]
Fix fallout
Steven Barth [Wed, 9 Apr 2014 06:47:53 +0000 (08:47 +0200)]
Revert "Revert to old behaviour regarding information requests"
This reverts commit c98181c4a48c57e405effd1dc9046aaaee6d480f.
sbyx [Thu, 3 Apr 2014 20:51:09 +0000 (22:51 +0200)]
Merge pull request #19 from dedeckeh/bugfixes
Add user-class option in help text and minor clean up
Hans Dedecker [Wed, 2 Apr 2014 20:30:48 +0000 (22:30 +0200)]
Add user-class option in help text and minor clean up
Steven Barth [Tue, 1 Apr 2014 10:07:28 +0000 (12:07 +0200)]
Correctly clear CER
Steven Barth [Tue, 1 Apr 2014 09:50:53 +0000 (11:50 +0200)]
Don't disable looping (meh)
Steven Barth [Sun, 30 Mar 2014 17:51:56 +0000 (19:51 +0200)]
Add initial support for CER-ID
Steven Barth [Mon, 24 Mar 2014 08:37:36 +0000 (09:37 +0100)]
Stop rebinding when all IAs are lost
Steven Barth [Tue, 18 Mar 2014 13:39:22 +0000 (14:39 +0100)]
Fix building with clang 3.4
Steven Barth [Tue, 11 Mar 2014 08:18:32 +0000 (09:18 +0100)]
Fix HMAC-MD5 verify in reconfigure
Steven Barth [Fri, 7 Mar 2014 09:33:49 +0000 (10:33 +0100)]
fix integer overflow after 50 days (thx Hauke Mehrtens)
Steven Barth [Wed, 5 Mar 2014 08:11:24 +0000 (09:11 +0100)]
ra: don't set nd_ra_{reachable,retransmit} to 0
Steven Barth [Wed, 5 Mar 2014 08:06:29 +0000 (09:06 +0100)]
Set default for min-update-interval to 30
sbyx [Tue, 4 Mar 2014 17:21:04 +0000 (18:21 +0100)]
Merge pull request #18 from kaspar030/rebase
add option to specify minimum interval for accepting RA or DHCP updates.
Kaspar Schleiser [Tue, 4 Mar 2014 15:29:02 +0000 (16:29 +0100)]
add option to specify minimum interval for accepting RA or DHCP updates.
This was fixed to 60s. Add '-m <seconds>' option to change default time.
Steven Barth [Sat, 1 Mar 2014 12:31:33 +0000 (13:31 +0100)]
Fix invalid use of open()
Steven Barth [Wed, 19 Feb 2014 08:14:09 +0000 (09:14 +0100)]
Make hex-string say base-16 encoded in help
Steven Barth [Mon, 17 Feb 2014 20:18:49 +0000 (21:18 +0100)]
Reintroduce Reconfigure-Accept in Request-Message
sbyx [Wed, 12 Feb 2014 13:51:54 +0000 (14:51 +0100)]
Merge pull request #16 from kaspar030/use_enum_for_iov
use enum to specify order and indexes of iov struct in dhcp_send().
Kaspar Schleiser [Wed, 12 Feb 2014 12:48:25 +0000 (13:48 +0100)]
use enum to specify order and indexes of iov struct.
This helps to avoid brainfuck index calculation errors when adding
features.
On my build machine (arch linux x86_64), the stripped binary has exactly
the same size, so this patch should produce the same binary, but
increase code maintainability.
Steven Barth [Thu, 6 Feb 2014 10:08:51 +0000 (11:08 +0100)]
Fix fallout from userclass addition
sbyx [Thu, 6 Feb 2014 07:05:45 +0000 (08:05 +0100)]
Merge pull request #15 from dedeckeh/bugfixes
Bugfixes