Fix potential buffer overflow in entry_to_env
index e389cc933640afe364b379b0ffbef15ee62d91de..83fbea5a2c37e2b18cfa2966e319b42cff55a17e 100644 (file)
@@ -22,6 +22,7 @@
 #include <unistd.h>
 #include <inttypes.h>
 #include <arpa/inet.h>
+#include <sys/wait.h>
 #include <netinet/in.h>
 
 #include "odhcp6c.h"
@@ -39,16 +40,27 @@ static const int8_t hexvals[] = {
 };
 
 
+static char action[16] = "";
+static char *argv[4] = {NULL, NULL, action, NULL};
+static volatile pid_t running = 0;
+static time_t started;
 
-static char *argv[4] = {NULL, NULL, NULL, NULL};
-static volatile char *delayed_call = NULL;
-static bool dont_delay = false;
 
+static void script_sighandle(int signal)
+{
+       if (signal == SIGCHLD) {
+               pid_t child;
+               while ((child = waitpid(-1, NULL, WNOHANG)) > 0)
+                       if (running == child)
+                               running = 0;
+       }
+}
 
 int script_init(const char *path, const char *ifname)
 {
        argv[0] = (char*)path;
        argv[1] = (char*)ifname;
+       signal(SIGCHLD, script_sighandle);
        return 0;
 }
 
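Review bot: The new SIGCHLD handler calls waitpid(), which can overwrite errno while the interrupted code is between a failing call and its errno check. The handler should preserve it, with `int saved_errno = errno;` as its first statement and `errno = saved_errno;` as its last (this needs <errno.h>, which may already be included outside the hunk). The `waitpid(-1, ...)` loop also reaps every child of the process, so any other code that forks and waits for its own child would lose that status; whether such code exists cannot be seen from this hunk. A comment on `running` along the lines of `// pid of the in-flight script child; cleared from the SIGCHLD handler` would make the shared-state contract explicit.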
@@ -106,9 +118,10 @@ static void fqdn_to_env(const char *name, const uint8_t *fqdn, size_t len)
        char *buf = realloc(NULL, len + buf_len + 2);
        memcpy(buf, name, buf_len);
        buf[buf_len++] = '=';
-       int l = 1;
-       while (l > 0 && fqdn < fqdn_end) {
-               l = dn_expand(fqdn, fqdn_end, fqdn, &buf[buf_len], buf_size - buf_len);
+       while (fqdn < fqdn_end) {
+               int l = dn_expand(fqdn, fqdn_end, fqdn, &buf[buf_len], buf_size - buf_len);
+               if (l <= 0)
+                       break;
                fqdn += l;
                buf_len += strlen(&buf[buf_len]);
                buf[buf_len++] = ' ';
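Review bot: The realloc() result on the first line of this hunk goes straight into memcpy() without a NULL check, so an allocation failure becomes a NULL write. The same pattern appears in entry_to_env, search_to_env, int_to_env and the PASSTHRU malloc in script_call. Since these buffers are sized from data received off the network, a guard such as `if (!buf) return;` directly after each allocation would turn that into a skipped variable instead of a crash. fqdn_to_env starts and ends outside this hunk, so `buf_size` and the final termination are not visible here.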
@@ -117,30 +130,6 @@ static void fqdn_to_env(const char *name, const uint8_t *fqdn, size_t len)
        putenv(buf);
 }
 
-
-static void fqdn_to_ip_env(const char *name, const uint8_t *fqdn, size_t len)
-{
-       size_t buf_len = strlen(name);
-       char *buf = realloc(NULL, INET6_ADDRSTRLEN + buf_len + 3);
-       memcpy(buf, name, buf_len);
-       buf[buf_len++] = '=';
-
-       char namebuf[256];
-       if (dn_expand(fqdn, fqdn + len, fqdn, namebuf, sizeof(namebuf)) <= 0)
-               return;
-
-       struct addrinfo hints = {.ai_family = AF_INET6}, *r;
-       if (getaddrinfo(namebuf, NULL, &hints, &r))
-               return;
-
-       struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)r->ai_addr;
-       inet_ntop(AF_INET6, &sin6->sin6_addr, &buf[buf_len], INET6_ADDRSTRLEN);
-
-       freeaddrinfo(r);
-       putenv(buf);
-}
-
-
 static void bin_to_env(uint8_t *opts, size_t len)
 {
        uint8_t *oend = opts + len, *odata;
@@ -168,7 +157,10 @@ static void entry_to_env(const char *name, const void *data, size_t len, enum en
 {
        size_t buf_len = strlen(name);
        const struct odhcp6c_entry *e = data;
-       char *buf = realloc(NULL, buf_len + 2 + (len / sizeof(*e)) * 144);
+       // Worst case: ENTRY_PREFIX with iaid != 1 and exclusion
+       const size_t max_entry_len = (INET6_ADDRSTRLEN-1 + 5 + 22 + 15 + 10 +
+                                     INET6_ADDRSTRLEN-1 + 11 + 1);
+       char *buf = realloc(NULL, buf_len + 2 + (len / sizeof(*e)) * max_entry_len);
        memcpy(buf, name, buf_len);
        buf[buf_len++] = '=';
 
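Review bot: The terms in `max_entry_len` are bare numbers that have to stay in step with the snprintf bounds used later in the loop (6, 23, 16, 11, 12 and the two inet_ntop calls), and nothing on the page ties them together. A comment spelling out each term would let a reviewer re-check the sum when a field is added, for example `// addr(45) + "/len"(5) + ",%u,%u"(22) + ",class=%08x"(15) + ",excluded="(10) + addr(45) + "/%u"(11) + ' '(1)`. The allocation result is also used unchecked on the next line. entry_to_env continues outside this hunk.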
@@ -176,30 +168,34 @@ static void entry_to_env(const char *name, const void *data, size_t len, enum en
                inet_ntop(AF_INET6, &e[i].target, &buf[buf_len], INET6_ADDRSTRLEN);
                buf_len += strlen(&buf[buf_len]);
                if (type != ENTRY_HOST) {
-                       buf_len += snprintf(&buf[buf_len], 6, "/%"PRIu16, e[i].length);
+                       snprintf(&buf[buf_len], 6, "/%"PRIu16, e[i].length);
+                       buf += strlen(&buf[buf_len]);
                        if (type == ENTRY_ROUTE) {
                                buf[buf_len++] = ',';
                                if (!IN6_IS_ADDR_UNSPECIFIED(&e[i].router)) {
                                        inet_ntop(AF_INET6, &e[i].router, &buf[buf_len], INET6_ADDRSTRLEN);
                                        buf_len += strlen(&buf[buf_len]);
                                }
-                               buf_len += snprintf(&buf[buf_len], 24, ",%u", e[i].valid);
-                               buf_len += snprintf(&buf[buf_len], 12, ",%u", e[i].priority);
+                               snprintf(&buf[buf_len], 23, ",%u,%u", e[i].valid, e[i].priority);
+                               buf += strlen(&buf[buf_len]);
                        } else {
-                               buf_len += snprintf(&buf[buf_len], 24, ",%u,%u", e[i].preferred, e[i].valid);
+                               snprintf(&buf[buf_len], 23, ",%u,%u", e[i].preferred, e[i].valid);
+                               buf += strlen(&buf[buf_len]);
                        }
 
-                       if ((type == ENTRY_PREFIX || type == ENTRY_ADDRESS) && e[i].class)
-                               buf_len += snprintf(&buf[buf_len], 12, ",class=%u", e[i].class);
-                       else if (type == ENTRY_PREFIX && ntohl(e[i].iaid) != 1)
-                               buf_len += snprintf(&buf[buf_len], 16, ",class=%08x", ntohl(e[i].iaid));
+                       if (type == ENTRY_PREFIX && ntohl(e[i].iaid) != 1) {
+                               snprintf(&buf[buf_len], 16, ",class=%08x", ntohl(e[i].iaid));
+                               buf += strlen(&buf[buf_len]);
+                       }
 
                        if (type == ENTRY_PREFIX && e[i].priority) {
                                // priority and router are abused for prefix exclusion
-                               buf_len += snprintf(&buf[buf_len], 12, ",excluded=");
+                               snprintf(&buf[buf_len], 11, ",excluded=");
+                               buf_len += strlen(&buf[buf_len]);
                                inet_ntop(AF_INET6, &e[i].router, &buf[buf_len], INET6_ADDRSTRLEN);
                                buf_len += strlen(&buf[buf_len]);
-                               buf_len += snprintf(&buf[buf_len], 24, "/%u", e[i].priority);
+                               snprintf(&buf[buf_len], 12, "/%u", e[i].priority);
+                               buf_len += strlen(&buf[buf_len]);
                        }
                }
                buf[buf_len++] = ' ';
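Review bot: Four of the new lines advance the base pointer instead of the index. After the `/%PRIu16`, route, preferred/valid and `class=` snprintf calls, `buf += strlen(&buf[buf_len]);` should read `buf_len += strlen(&buf[buf_len]);`, as the `excluded=` branch at the end of this hunk already does. The next write still lands at the right address, but `buf` no longer points at the start of the allocation. Whatever consumes `buf` after the loop (outside this hunk, presumably putenv as in fqdn_to_env) therefore receives a string that begins partway into the value and has lost its `NAME=` prefix, and the pointer can no longer be passed to free or realloc. entry_to_env begins and ends outside this hunk.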
@@ -210,6 +206,34 @@ static void entry_to_env(const char *name, const void *data, size_t len, enum en
 }
 
 
+static void search_to_env(const char *name, const uint8_t *start, size_t len)
+{
+       size_t buf_len = strlen(name);
+       char *buf = realloc(NULL, buf_len + 2 + len);
+       char *c = mempcpy(buf, name, buf_len);
+       *c++ = '=';
+
+       for (struct odhcp6c_entry *e = (struct odhcp6c_entry*)start;
+                               (uint8_t*)e < &start[len] && &e->auxtarget[e->auxlen] <= &start[len];
+                               e = (struct odhcp6c_entry*)(&e->auxtarget[e->auxlen])) {
+               c = mempcpy(c, e->auxtarget, e->auxlen);
+               *c++ = ' ';
+       }
+
+       c[-1] = '\0';
+       putenv(buf);
+}
+
+
+static void int_to_env(const char *name, int value)
+{
+       size_t len = 12 + strlen(name);
+       char *buf = realloc(NULL, len);
+       snprintf(buf, len, "%s=%d", name, value);
+       putenv(buf);
+}
+
+
 static void s46_to_env_portparams(const uint8_t *data, size_t len, FILE *fp)
 {
        uint8_t *odata;
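Review bot: In search_to_env, when the state holds no entries the loop never runs and `c[-1] = '\0';` overwrites the `=` that was just written, so putenv() receives a bare name with no `=`, whose handling is implementation-specific. Trimming only a trailing separator avoids that: `if (c[-1] == ' ') c--;` followed by `*c = '\0';`, which stays inside the `buf_len + 2 + len` allocation. The loop condition also reads `e->auxlen` after checking only that the first byte of `e` lies before `&start[len]`, so a truncated trailing record would be read past the end. If the stored state is always well-formed this is harmless, but a comment saying so would help.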
@@ -230,6 +254,9 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
        const char *name = (state == STATE_S46_MAPE) ? "MAPE" :
                        (state == STATE_S46_MAPT) ? "MAPT" : "LW4O6";
 
+       if (len == 0)
+               return;
+
        char *str;
        size_t strsize;
 
@@ -244,7 +271,6 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
        uint16_t otype, olen;
        dhcpv6_for_each_option(data, &data[len], otype, olen, odata) {
                struct dhcpv6_s46_rule *rule = (struct dhcpv6_s46_rule*)odata;
-               struct dhcpv6_s46_dmr *dmr = (struct dhcpv6_s46_dmr*)odata;
                struct dhcpv6_s46_v4v6bind *bind = (struct dhcpv6_s46_v4v6bind*)odata;
 
                if (state != STATE_S46_LW && otype == DHCPV6_OPT_S46_RULE &&
@@ -280,7 +306,7 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
                                        fprintf(fp, "br=%s,", buf6);
                                } else if (state == STATE_S46_MAPT && otype == DHCPV6_OPT_S46_DMR &&
                                                olen >= sizeof(struct dhcpv6_s46_dmr)) {
-                                       dmr = (struct dhcpv6_s46_dmr*)odata;
+                                       struct dhcpv6_s46_dmr *dmr = (struct dhcpv6_s46_dmr*)odata;
                                        memset(&in6, 0, sizeof(in6));
                                        size_t prefix6len = dmr->dmr_prefix6_len;
                                        prefix6len = (prefix6len % 8 == 0) ? prefix6len / 8 : prefix6len / 8 + 1;
@@ -293,6 +319,8 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
                                        fprintf(fp, "dmr=%s/%d,", buf6, dmr->dmr_prefix6_len);
                                }
                        }
+
+                       fputc(' ', fp);
                } else if (state == STATE_S46_LW && otype == DHCPV6_OPT_S46_V4V6BIND &&
                                olen >= sizeof(struct dhcpv6_s46_v4v6bind)) {
                        char buf4[INET_ADDRSTRLEN];
@@ -310,8 +338,8 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
                        inet_ntop(AF_INET, &bind->ipv4_address, buf4, sizeof(buf4));
                        inet_ntop(AF_INET6, &in6, buf6, sizeof(buf6));
 
-                       fprintf(fp, "type=%s,ipv4address=%s,prefix6len=%d,ipv6prefix=%s,",
-                                       type, buf4, bind->bindprefix6_len, buf6);
+                       fprintf(fp, "type=%s,prefix4len=32,prefix6len=%d,ipv4prefix=%s,ipv6prefix=%s,",
+                                       type, bind->bindprefix6_len, buf4, buf6);
 
                        s46_to_env_portparams(&bind->bind_ipv6_prefix[prefix6len],
                                        olen - sizeof(*bind) - prefix6len, fp);
@@ -322,9 +350,9 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
                                        fprintf(fp, "br=%s,", buf6);
                                }
                        }
-               }
 
-               fputc(' ', fp);
+                       fputc(' ', fp);
+               }
        }
 
        fclose(fp);
@@ -332,62 +360,63 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
 }
 
 
-static void script_call_delayed(int signal __attribute__((unused)))
+void script_call(const char *status, int delay, bool resume)
 {
-       if (delayed_call)
-               script_call((char*)delayed_call);
-}
-
+       time_t now = odhcp6c_get_milli_time() / 1000;
+       bool running_script = false;
 
-void script_delay_call(const char *status, int timeout)
-{
-       if (dont_delay) {
-               script_call(status);
-       } else if (!delayed_call) {
-               delayed_call = strdup(status);
-               signal(SIGALRM, script_call_delayed);
-               alarm(timeout);
+       if (running) {
+               kill(running, SIGTERM);
+               delay -= now - started;
+               running_script = true;
        }
-}
 
+       if (resume || !running_script || !action[0])
+               strncpy(action, status, sizeof(action) - 1);
+
+       pid_t pid = fork();
+       if (pid > 0) {
+               running = pid;
+               started = now;
+
+               if (!resume)
+                       action[0] = 0;
+       } else if (pid == 0) {
+               size_t dns_len, search_len, custom_len, sntp_ip_len, ntp_ip_len, ntp_dns_len;
+               size_t sip_ip_len, sip_fqdn_len, aftr_name_len, cer_len, addr_len;
+               size_t s46_mapt_len, s46_mape_len, s46_lw_len, passthru_len;
+
+               signal(SIGTERM, SIG_DFL);
+               if (delay > 0) {
+                       sleep(delay);
+                       odhcp6c_expire();
+               }
 
-void script_call(const char *status)
-{
-       size_t dns_len, search_len, custom_len, sntp_ip_len, ntp_ip_len, ntp_dns_len;
-       size_t sip_ip_len, sip_fqdn_len, aftr_name_len, cer_len, addr_len;
-       size_t s46_mapt_len, s46_mape_len, s46_lw_len, passthru_len;
-
-       odhcp6c_expire();
-       if (delayed_call) {
-               alarm(0);
-               dont_delay = true;
-       }
+               struct in6_addr *addr = odhcp6c_get_state(STATE_SERVER_ADDR, &addr_len);
+               struct in6_addr *dns = odhcp6c_get_state(STATE_DNS, &dns_len);
+               uint8_t *search = odhcp6c_get_state(STATE_SEARCH, &search_len);
+               uint8_t *custom = odhcp6c_get_state(STATE_CUSTOM_OPTS, &custom_len);
+               struct in6_addr *sntp = odhcp6c_get_state(STATE_SNTP_IP, &sntp_ip_len);
+               struct in6_addr *ntp = odhcp6c_get_state(STATE_NTP_IP, &ntp_ip_len);
+               uint8_t *ntp_dns = odhcp6c_get_state(STATE_NTP_FQDN, &ntp_dns_len);
+               struct in6_addr *sip = odhcp6c_get_state(STATE_SIP_IP, &sip_ip_len);
+               uint8_t *sip_fqdn = odhcp6c_get_state(STATE_SIP_FQDN, &sip_fqdn_len);
+               uint8_t *aftr_name = odhcp6c_get_state(STATE_AFTR_NAME, &aftr_name_len);
+               struct in6_addr *cer = odhcp6c_get_state(STATE_CER, &cer_len);
+               uint8_t *s46_mapt = odhcp6c_get_state(STATE_S46_MAPT, &s46_mapt_len);
+               uint8_t *s46_mape = odhcp6c_get_state(STATE_S46_MAPE, &s46_mape_len);
+               uint8_t *s46_lw = odhcp6c_get_state(STATE_S46_LW, &s46_lw_len);
+               uint8_t *passthru = odhcp6c_get_state(STATE_PASSTHRU, &passthru_len);
+
+               size_t prefix_len, address_len, ra_pref_len,
+                       ra_route_len, ra_dns_len, ra_search_len;
+               uint8_t *prefix = odhcp6c_get_state(STATE_IA_PD, &prefix_len);
+               uint8_t *address = odhcp6c_get_state(STATE_IA_NA, &address_len);
+               uint8_t *ra_pref = odhcp6c_get_state(STATE_RA_PREFIX, &ra_pref_len);
+               uint8_t *ra_route = odhcp6c_get_state(STATE_RA_ROUTE, &ra_route_len);
+               uint8_t *ra_dns = odhcp6c_get_state(STATE_RA_DNS, &ra_dns_len);
+               uint8_t *ra_search = odhcp6c_get_state(STATE_RA_SEARCH, &ra_search_len);
 
-       struct in6_addr *addr = odhcp6c_get_state(STATE_SERVER_ADDR, &addr_len);
-       struct in6_addr *dns = odhcp6c_get_state(STATE_DNS, &dns_len);
-       uint8_t *search = odhcp6c_get_state(STATE_SEARCH, &search_len);
-       uint8_t *custom = odhcp6c_get_state(STATE_CUSTOM_OPTS, &custom_len);
-       struct in6_addr *sntp = odhcp6c_get_state(STATE_SNTP_IP, &sntp_ip_len);
-       struct in6_addr *ntp = odhcp6c_get_state(STATE_NTP_IP, &ntp_ip_len);
-       uint8_t *ntp_dns = odhcp6c_get_state(STATE_NTP_FQDN, &ntp_dns_len);
-       struct in6_addr *sip = odhcp6c_get_state(STATE_SIP_IP, &sip_ip_len);
-       uint8_t *sip_fqdn = odhcp6c_get_state(STATE_SIP_FQDN, &sip_fqdn_len);
-       uint8_t *aftr_name = odhcp6c_get_state(STATE_AFTR_NAME, &aftr_name_len);
-       struct in6_addr *cer = odhcp6c_get_state(STATE_CER, &cer_len);
-       uint8_t *s46_mapt = odhcp6c_get_state(STATE_S46_MAPT, &s46_mapt_len);
-       uint8_t *s46_mape = odhcp6c_get_state(STATE_S46_MAPE, &s46_mape_len);
-       uint8_t *s46_lw = odhcp6c_get_state(STATE_S46_LW, &s46_lw_len);
-       uint8_t *passthru = odhcp6c_get_state(STATE_PASSTHRU, &passthru_len);
-
-       size_t prefix_len, address_len, ra_pref_len, ra_route_len, ra_dns_len;
-       uint8_t *prefix = odhcp6c_get_state(STATE_IA_PD, &prefix_len);
-       uint8_t *address = odhcp6c_get_state(STATE_IA_NA, &address_len);
-       uint8_t *ra_pref = odhcp6c_get_state(STATE_RA_PREFIX, &ra_pref_len);
-       uint8_t *ra_route = odhcp6c_get_state(STATE_RA_ROUTE, &ra_route_len);
-       uint8_t *ra_dns = odhcp6c_get_state(STATE_RA_DNS, &ra_dns_len);
-
-       // Don't set environment before forking, because env is leaky.
-       if (fork() == 0) {
                ipv6_to_env("SERVER", addr, addr_len / sizeof(*addr));
                ipv6_to_env("RDNSS", dns, dns_len / sizeof(*dns));
                ipv6_to_env("SNTP_IP", sntp, sntp_ip_len / sizeof(*sntp));
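Review bot: There is a window between `fork()` returning and `running = pid;` in which SIGCHLD can arrive. If the child exits that quickly (for example when execv fails and it reaches `_exit(128)`), the handler reaps it while `running` still holds the old value. The parent then stores a pid that is already gone, and the next call sends `kill(running, SIGTERM)` to whatever process has since reused that number. Blocking SIGCHLD across the fork and restoring the mask in both parent and child closes the window; the child must restore it before sleeping or exec'ing so the script does not inherit a blocked SIGCHLD. A failed fork() (`pid < 0`) is currently ignored and would also need to restore the mask. script_call continues past the end of this hunk.

```c
	sigset_t chld, prev;
	sigemptyset(&chld);
	sigaddset(&chld, SIGCHLD);
	// Hold SIGCHLD until `running` names the new child
	sigprocmask(SIG_BLOCK, &chld, &prev);

	pid_t pid = fork();
	if (pid > 0) {
		running = pid;
		started = now;

		if (!resume)
			action[0] = 0;

		sigprocmask(SIG_SETMASK, &prev, NULL);
	} else if (pid == 0) {
		// Restore the mask so the script does not start with SIGCHLD blocked
		sigprocmask(SIG_SETMASK, &prev, NULL);
		// … unchanged: SIGTERM reset, optional sleep, state lookups, environment setup …
```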
@@ -397,28 +426,33 @@ void script_call(const char *status)
                fqdn_to_env("DOMAINS", search, search_len);
                fqdn_to_env("SIP_DOMAIN", sip_fqdn, sip_fqdn_len);
                fqdn_to_env("AFTR", aftr_name, aftr_name_len);
-               fqdn_to_ip_env("AFTR_IP", aftr_name, aftr_name_len);
                ipv6_to_env("CER", cer, cer_len / sizeof(*cer));
                s46_to_env(STATE_S46_MAPE, s46_mape, s46_mape_len);
                s46_to_env(STATE_S46_MAPT, s46_mapt, s46_mapt_len);
                s46_to_env(STATE_S46_LW, s46_lw, s46_lw_len);
                bin_to_env(custom, custom_len);
-               entry_to_env("PREFIXES", prefix, prefix_len, ENTRY_PREFIX);
-               entry_to_env("ADDRESSES", address, address_len, ENTRY_ADDRESS);
+
+               if (odhcp6c_is_bound()) {
+                       entry_to_env("PREFIXES", prefix, prefix_len, ENTRY_PREFIX);
+                       entry_to_env("ADDRESSES", address, address_len, ENTRY_ADDRESS);
+               }
+
                entry_to_env("RA_ADDRESSES", ra_pref, ra_pref_len, ENTRY_ADDRESS);
                entry_to_env("RA_ROUTES", ra_route, ra_route_len, ENTRY_ROUTE);
                entry_to_env("RA_DNS", ra_dns, ra_dns_len, ENTRY_HOST);
+               search_to_env("RA_DOMAINS", ra_search, ra_search_len);
+
+               int_to_env("RA_HOPLIMIT", ra_conf_hoplimit(0));
+               int_to_env("RA_MTU", ra_conf_mtu(0));
+               int_to_env("RA_REACHABLE", ra_conf_reachable(0));
+               int_to_env("RA_RETRANSMIT", ra_conf_retransmit(0));
 
                char *buf = malloc(10 + passthru_len * 2);
                strncpy(buf, "PASSTHRU=", 10);
                script_hexlify(&buf[9], passthru, passthru_len);
                putenv(buf);
 
-               argv[2] = (char*)status;
                execv(argv[0], argv);
                _exit(128);
        }
-
-       // Delete lost prefixes and user opts
-       odhcp6c_clear_state(STATE_CUSTOM_OPTS);
 }