summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Brüns <stefan.bruens@rwth-aachen.de>2015-08-27 23:53:26 +0200
committerJoe Hershberger <joe.hershberger@ni.com>2015-10-28 14:54:19 -0500
commit867d6ae2c9cec6a0f6f3a7472cf8397693f6cc35 (patch)
tree238c0d27100c8607d163908b8bec130e011beb50
parent829533287afbc2aff2b8c65eb0cbf8f8ee887ae2 (diff)
net: reject Bootp/DHCP packets with bad OP value
Rename check_packet to check_reply_packet to make its function more obvious. The check for DHCP_* values is completely off, as it should compare against DHCP option 53 (Message Type). Only valid value for any Bootp/DHCP reply is BOOTREPLY. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-rw-r--r--net/bootp.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/net/bootp.c b/net/bootp.c
index fbdc7cb3a3..3fac7f3b3a 100644
--- a/net/bootp.c
+++ b/net/bootp.c
@@ -109,7 +109,8 @@ static bool bootp_match_id(ulong id)
return false;
}
-static int check_packet(uchar *pkt, unsigned dest, unsigned src, unsigned len)
+static int check_reply_packet(uchar *pkt, unsigned dest, unsigned src,
+ unsigned len)
{
struct bootp_hdr *bp = (struct bootp_hdr *)pkt;
int retval = 0;
@@ -118,11 +119,7 @@ static int check_packet(uchar *pkt, unsigned dest, unsigned src, unsigned len)
retval = -1;
else if (len < sizeof(struct bootp_hdr) - OPT_FIELD_SIZE)
retval = -2;
- else if (bp->bp_op != OP_BOOTREQUEST &&
- bp->bp_op != OP_BOOTREPLY &&
- bp->bp_op != DHCP_OFFER &&
- bp->bp_op != DHCP_ACK &&
- bp->bp_op != DHCP_NAK)
+ else if (bp->bp_op != OP_BOOTREPLY)
retval = -3;
else if (bp->bp_htype != HWT_ETHER)
retval = -4;
@@ -343,7 +340,7 @@ static void bootp_handler(uchar *pkt, unsigned dest, struct in_addr sip,
bp = (struct bootp_hdr *)pkt;
/* Filter out pkts we don't want */
- if (check_packet(pkt, dest, src, len))
+ if (check_reply_packet(pkt, dest, src, len))
return;
/*
@@ -960,7 +957,7 @@ static void dhcp_handler(uchar *pkt, unsigned dest, struct in_addr sip,
src, dest, len, dhcp_state);
/* Filter out pkts we don't want */
- if (check_packet(pkt, dest, src, len))
+ if (check_reply_packet(pkt, dest, src, len))
return;
debug("DHCPHandler: got DHCP packet: (src=%d, dst=%d, len=%d) state: "