diff options
-rw-r--r-- | src/libsystemd-dhcp/dhcp-packet.c | 34 | ||||
-rw-r--r-- | src/libsystemd-dhcp/sd-dhcp-client.c | 4 |
2 files changed, 28 insertions, 10 deletions
diff --git a/src/libsystemd-dhcp/dhcp-packet.c b/src/libsystemd-dhcp/dhcp-packet.c index d606d55a05..4501d27571 100644 --- a/src/libsystemd-dhcp/dhcp-packet.c +++ b/src/libsystemd-dhcp/dhcp-packet.c @@ -132,38 +132,58 @@ int dhcp_packet_verify_headers(DHCPPacket *packet, uint8_t op, size_t len) { assert(op == BOOTREQUEST || op == BOOTREPLY); - if (len < (DHCP_IP_UDP_SIZE + DHCP_MESSAGE_SIZE)) + if (len < (DHCP_IP_UDP_SIZE + DHCP_MESSAGE_SIZE)) { + log_dhcp_client(client, "ignoring packet: packet too small"); return -EINVAL; + } hdrlen = packet->ip.ihl * 4; - if (hdrlen < 20 || hdrlen > len || dhcp_checksum(&packet->ip, hdrlen)) + if (hdrlen < 20 || hdrlen > len) { + log_dhcp_client(client, "ignoring packet: header with wrong size"); return -EINVAL; + } - if (hdrlen + be16toh(packet->udp.len) > len) + if (dhcp_checksum(&packet->ip, hdrlen)) { + log_dhcp_client(client, "ignoring packet: invalid ip checksum"); return -EINVAL; + } + + if (hdrlen + be16toh(packet->udp.len) > len) { + log_dhcp_client(client, "ignoring packet: packet too small (udp.len=%u)", + be16toh(packet->udp.len)); + return -EINVAL; + } if (packet->udp.check) { packet->ip.check = packet->udp.len; packet->ip.ttl = 0; if (dhcp_checksum(&packet->ip.ttl, - be16toh(packet->udp.len) + 12)) + be16toh(packet->udp.len) + 12)) { + log_dhcp_client(client, "ignoring packet: invalid udp checksum"); return -EINVAL; + } } - if (packet->dhcp.op != op) + if (packet->dhcp.op != op) { + log_dhcp_client(client, "ignoring packet: wrong operation"); return -EINVAL; + } switch (op) { case BOOTREQUEST: if (be16toh(packet->udp.source) != DHCP_PORT_CLIENT || - be16toh(packet->udp.dest) != DHCP_PORT_SERVER) + be16toh(packet->udp.dest) != DHCP_PORT_SERVER) { + log_dhcp_client(client, "ignoring packet: wrong ports"); return -EINVAL; + } break; case BOOTREPLY: if (be16toh(packet->udp.source) != DHCP_PORT_SERVER || - be16toh(packet->udp.dest) != DHCP_PORT_CLIENT) + be16toh(packet->udp.dest) != DHCP_PORT_CLIENT) { + log_dhcp_client(client, "ignoring packet: wrong ports"); return -EINVAL; + } break; } diff --git a/src/libsystemd-dhcp/sd-dhcp-client.c b/src/libsystemd-dhcp/sd-dhcp-client.c index 3506755304..7f86d92fb5 100644 --- a/src/libsystemd-dhcp/sd-dhcp-client.c +++ b/src/libsystemd-dhcp/sd-dhcp-client.c @@ -870,10 +870,8 @@ static int client_receive_message_raw(sd_event_source *s, int fd, packet = (DHCPPacket *) buf; r = dhcp_packet_verify_headers(packet, BOOTREPLY, len); - if (r < 0) { - log_dhcp_client(client, "ignoring DHCP packet with invalid headers"); + if (r < 0) return 0; - } len -= DHCP_IP_UDP_SIZE; |