X-Git-Url: https://git.decadent.org.uk/gitweb/?p=odhcp6c.git;a=blobdiff_plain;f=src%2Fscript.c;h=fdc050bbccb6d5f02ce24c594af2d0d0a3e6c6de;hp=49f39c4ae2f28b57ed4dc9d86139bea1253adcec;hb=ec7f4701b348f5c4c3191ca83ecd8453c431c432;hpb=121a043f6dd1b6c6171dae3c041cb50693eae63f

diff --git a/src/script.c b/src/script.c
index 49f39c4..fdc050b 100644
--- a/src/script.c
+++ b/src/script.c
@@ -105,7 +105,9 @@ static void ipv6_to_env(const char *name,
 		buf_len += strlen(&buf[buf_len]);
 		buf[buf_len++] = ' ';
 	}
-	buf[buf_len - 1] = '\0';
+	if (buf[buf_len - 1] == ' ')
+		buf_len--;
+	buf[buf_len] = '\0';
 	putenv(buf);
 }
 
@@ -126,7 +128,9 @@ static void fqdn_to_env(const char *name, const uint8_t *fqdn, size_t len)
 		buf_len += strlen(&buf[buf_len]);
 		buf[buf_len++] = ' ';
 	}
-	buf[buf_len - 1] = '\0';
+	if (buf[buf_len - 1] == ' ')
+		buf_len--;
+	buf[buf_len] = '\0';
 	putenv(buf);
 }
 
@@ -157,7 +161,10 @@ static void entry_to_env(const char *name, const void *data, size_t len, enum en
 {
 	size_t buf_len = strlen(name);
 	const struct odhcp6c_entry *e = data;
-	char *buf = realloc(NULL, buf_len + 2 + (len / sizeof(*e)) * 144);
+	// Worst case: ENTRY_PREFIX with iaid != 1 and exclusion
+	const size_t max_entry_len = (INET6_ADDRSTRLEN-1 + 5 + 22 + 15 + 10 +
+				      INET6_ADDRSTRLEN-1 + 11 + 1);
+	char *buf = realloc(NULL, buf_len + 2 + (len / sizeof(*e)) * max_entry_len);
 	memcpy(buf, name, buf_len);
 	buf[buf_len++] = '=';
 
@@ -165,34 +172,42 @@ static void entry_to_env(const char *name, const void *data, size_t len, enum en
 		inet_ntop(AF_INET6, &e[i].target, &buf[buf_len], INET6_ADDRSTRLEN);
 		buf_len += strlen(&buf[buf_len]);
 		if (type != ENTRY_HOST) {
-			buf_len += snprintf(&buf[buf_len], 6, "/%"PRIu16, e[i].length);
+			snprintf(&buf[buf_len], 6, "/%"PRIu16, e[i].length);
+			buf_len += strlen(&buf[buf_len]);
 			if (type == ENTRY_ROUTE) {
 				buf[buf_len++] = ',';
 				if (!IN6_IS_ADDR_UNSPECIFIED(&e[i].router)) {
 					inet_ntop(AF_INET6, &e[i].router, &buf[buf_len], INET6_ADDRSTRLEN);
 					buf_len += strlen(&buf[buf_len]);
 				}
-				buf_len += snprintf(&buf[buf_len], 24, ",%u", e[i].valid);
-				buf_len += snprintf(&buf[buf_len], 12, ",%u", e[i].priority);
+				snprintf(&buf[buf_len], 23, ",%u,%u", e[i].valid, e[i].priority);
+				buf_len += strlen(&buf[buf_len]);
 			} else {
-				buf_len += snprintf(&buf[buf_len], 24, ",%u,%u", e[i].preferred, e[i].valid);
+				snprintf(&buf[buf_len], 23, ",%u,%u", e[i].preferred, e[i].valid);
+				buf_len += strlen(&buf[buf_len]);
 			}
 
-			if (type == ENTRY_PREFIX && ntohl(e[i].iaid) != 1)
-				buf_len += snprintf(&buf[buf_len], 16, ",class=%08x", ntohl(e[i].iaid));
+			if (type == ENTRY_PREFIX && ntohl(e[i].iaid) != 1) {
+				snprintf(&buf[buf_len], 16, ",class=%08x", ntohl(e[i].iaid));
+				buf_len += strlen(&buf[buf_len]);
+			}
 
 			if (type == ENTRY_PREFIX && e[i].priority) {
 				// priority and router are abused for prefix exclusion
-				buf_len += snprintf(&buf[buf_len], 12, ",excluded=");
+				snprintf(&buf[buf_len], 11, ",excluded=");
+				buf_len += strlen(&buf[buf_len]);
 				inet_ntop(AF_INET6, &e[i].router, &buf[buf_len], INET6_ADDRSTRLEN);
 				buf_len += strlen(&buf[buf_len]);
-				buf_len += snprintf(&buf[buf_len], 24, "/%u", e[i].priority);
+				snprintf(&buf[buf_len], 12, "/%u", e[i].priority);
+				buf_len += strlen(&buf[buf_len]);
 			}
 		}
 		buf[buf_len++] = ' ';
 	}
 
-	buf[buf_len - 1] = '\0';
+	if (buf[buf_len - 1] == ' ')
+		buf_len--;
+	buf[buf_len] = '\0';
 	putenv(buf);
 }
 
@@ -205,20 +220,23 @@ static void search_to_env(const char *name, const uint8_t *start, size_t len)
 	*c++ = '=';
 
 	for (struct odhcp6c_entry *e = (struct odhcp6c_entry*)start;
-				(uint8_t*)e < &start[len] && &e->auxtarget[e->auxlen] <= &start[len];
-				e = (struct odhcp6c_entry*)(&e->auxtarget[e->auxlen])) {
+				(uint8_t*)e < &start[len] &&
+				(uint8_t*)odhcp6c_next_entry(e) <= &start[len];
+				e = odhcp6c_next_entry(e)) {
 		c = mempcpy(c, e->auxtarget, e->auxlen);
 		*c++ = ' ';
 	}
 
-	c[-1] = '\0';
+	if (c[-1] == ' ')
+		c--;
+	*c = '\0';
 	putenv(buf);
 }
 
 
 static void int_to_env(const char *name, int value)
 {
-	size_t len = 12 + strlen(name);
+	size_t len = 13 + strlen(name);
 	char *buf = realloc(NULL, len);
 	snprintf(buf, len, "%s=%d", name, value);
 	putenv(buf);
@@ -273,7 +291,8 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
 			size_t prefix6len = rule->prefix6_len;
 			prefix6len = (prefix6len % 8 == 0) ? prefix6len / 8 : prefix6len / 8 + 1;
 
-			if (olen < sizeof(struct dhcpv6_s46_rule) + prefix6len)
+			if (prefix6len > sizeof(in6) ||
+			    olen < sizeof(struct dhcpv6_s46_rule) + prefix6len)
 				continue;
 
 			memcpy(&in6, rule->ipv6_prefix, prefix6len);
@@ -302,7 +321,8 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
 					size_t prefix6len = dmr->dmr_prefix6_len;
 					prefix6len = (prefix6len % 8 == 0) ? prefix6len / 8 : prefix6len / 8 + 1;
 
-					if (olen < sizeof(struct dhcpv6_s46_dmr) + prefix6len)
+					if (prefix6len > sizeof(in6) ||
+					    olen < sizeof(struct dhcpv6_s46_dmr) + prefix6len)
 						continue;
 
 					memcpy(&in6, dmr->dmr_ipv6_prefix, prefix6len);
@@ -321,7 +341,8 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len
 			size_t prefix6len = bind->bindprefix6_len;
 			prefix6len = (prefix6len % 8 == 0) ? prefix6len / 8 : prefix6len / 8 + 1;
 
-			if (olen < sizeof(struct dhcpv6_s46_v4v6bind) + prefix6len)
+			if (prefix6len > sizeof(in6) ||
+			    olen < sizeof(struct dhcpv6_s46_v4v6bind) + prefix6len)
 				continue;
 
 			memcpy(&in6, bind->bind_ipv6_prefix, prefix6len);