networkd: do not automatically propagate bogus DNS/NTP servers

Never propagate DNS/NTP servers on the local link via the DHCP server. The
DNS/NTP servers 0.0.0.0 and 127.0.0.1 only make sense in the local context,
hence never propagate them automatically to other hosts.

Fixes: #4524

1 files changed, 12 insertions, 1 deletions

diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 216f4aab52..b38eec1ba7 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -862,15 +862,22 @@ static int link_push_uplink_dns_to_dhcp_server(Link *link, sd_dhcp_server *s) {
                 return 0;
 
         for (i = 0; i < link->network->n_dns; i++) {
+                struct in_addr ia;
 
                 /* Only look for IPv4 addresses */
                 if (link->network->dns[i].family != AF_INET)
                         continue;
 
+                ia = link->network->dns[i].address.in;
+
+                /* Never propagate obviously borked data */
+                if (in4_addr_is_null(&ia) || in4_addr_is_localhost(&ia))
+                        continue;
+
                 if (!GREEDY_REALLOC(addresses, n_allocated, n_addresses + 1))
                         return log_oom();
 
-                addresses[n_addresses++] = link->network->dns[i].address.in;
+                addresses[n_addresses++] = ia;
         }
 
         if (link->network->dhcp_use_dns && link->dhcp_lease) {
@@ -911,6 +918,10 @@ static int link_push_uplink_ntp_to_dhcp_server(Link *link, sd_dhcp_server *s) {
                 if (inet_pton(AF_INET, *a, &ia) <= 0)
                         continue;
 
+                /* Never propagate obviously borked data */
+                if (in4_addr_is_null(&ia) || in4_addr_is_localhost(&ia))
+                        continue;
+
                 if (!GREEDY_REALLOC(addresses, n_allocated, n_addresses + 1))
                         return log_oom();