Age | Commit message (Collapse) | Author |
|
With this change the DHCP6_OPTION_IAADDR_LEN define can be removed in
favor of using sizeof(). Using the name of the struct and sizeof()
makes it clearer how much and what data is being copied from the
DHCPv6 message.
|
|
|
|
This would make it simple to verify that the data is on the right format when
the type is known.
|
|
|
|
The caller may have an existing DUID that it wants to use, and may
want to use some other DUID generation scheme than systemd's
default DUID-EN.
[tomegun: whitespace - we never use tabs]
|
|
Otherwise we would get a nullptr dereference later on.
Found by coverity. Fixes CID #1237655.
|
|
Don't manually free 'n' in error path as it's already tagged
_cleanup_free_ and will be freed once it goes out of scope,
leading to double-free in this case.
Found with coverity. Fixes: CID#1237786
|
|
It is redundant to store 'hash' and 'compare' function pointers in
struct Hashmap separately. The functions always comprise a pair.
Store a single pointer to struct hash_ops instead.
systemd keeps hundreds of hashmaps, so this saves a little bit of
memory.
|
|
The magic cookie is set in dhcp_message_init. Test the magic cookie
value intead of writing the last 3/4 of it directly.
Found with Coverity. Fixes: CID#1237732 CID#1237734 CID#1237735
|
|
Verify that the Elapsed Time option is present.
|
|
Implement Elapsed Time option as it is defined as MUST in RFC 3315,
section 22.9. The elapsed time value is a 1/100th of a second with
a max value of 0xffff, i.e. 655.35 seconds.
As the main loop might not be running yet when sd_dhcp6_client_start() is
called, fetch the monotonic time directly and not from the event loop
while in state DHCP6_STATE_STOPPED.
|
|
Also make pointer calculations more explicit so they are
easier to understand.
|
|
The whole DHCPv6 test message length was incorrectly used as the length
of DHCPv6 options causing the following bad memory access:
$ build/test-dhcp6-client
Assertion 'interface_index >= -1' failed at ../src/libsystemd-network/sd-dhcp6-client.c:129, function sd_dhcp6_client_set_index(). Ignoring.
=================================================================
==29135==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fe204aa9148 at pc 0x7fe204a5958f bp 0x7fff3e47d470 sp 0x7fff3e47d460
READ of size 1 at 0x7fe204aa9148 thread T0
#0 0x7fe204a5958e in option_parse_hdr ../src/libsystemd-network/dhcp6-option.c:145
#1 0x7fe204a59884 in dhcp6_option_parse ../src/libsystemd-network/dhcp6-option.c:165
#2 0x7fe204a4eb9c in test_advertise_option ../src/libsystemd-network/test-dhcp6-client.c:227
#3 0x7fe204a51c58 in main ../src/libsystemd-network/test-dhcp6-client.c:584
#4 0x7fe2031590df in __libc_start_main (/lib64/libc.so.6+0x200df)
#5 0x7fe204a4cc5b (/home/test/systemd/build/test-dhcp6-client+0x25c5b)
0x7fe204aa9148 is located 2 bytes to the right of global variable 'msg_advertise' from '../src/libsystemd-network/test-dhcp6-client.c' (0x7fe204aa9080) of size 198
0x7fe204aa9148 is located 56 bytes to the left of global variable 'msg_reply' from '../src/libsystemd-network/test-dhcp6-client.c' (0x7fe204aa9180) of size 173
SUMMARY: AddressSanitizer: global-buffer-overflow ../src/libsystemd-network/dhcp6-option.c:145 option_parse_hdr
|
|
|
|
|
|
|
|
This should help in debugging failing event sources.
|
|
|
|
makes ethernet addresses look funny
|
|
|
|
|
|
Reported by Corey Hammerton on G+
|
|
Don't overflow unnecessarily.
|
|
Primarily, this means we get rid of net_parse_inaddr(), and replace it
everywhere with in_addr_from_string() and in_addr_from_string_auto().
These functions do not clobber the callers arguments on failure, which
is more close to our usual coding style.
|
|
For now we simply take these values from the server's address.
|
|
Force renewing with a pool size of 0 would return the uninitialized r.
|
|
|
|
|
|
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.
Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.
_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.
Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.
mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
|
|
(also, fix some whitespace/indentation issues, and avoid "index" as identifier in
order to not clash against libc's "index()" call)
|
|
|
|
This partially implements RFC3203. Note that we are not fully compliant as we do not
support authentication.
|
|
This is necessary in order to listen for FORCERENEW events.
|
|
This allows the sockets to be bound to a specific address before it is configured,
also enable SO_REUSEADDR to allow multiple DHCP clients to run at the same time.
|
|
Keep this internal to the client and simply restart it when NAK is receieved, as
per the RFC.
|
|
RAW messages are verified by the BPF in the kernel.
|
|
The timeouts in the networking library (DHCP lease timeouts and similar) should not be affected
by suspend. In the cases where CLOCK_BOOTTIME is not implemented, it is still safe to fallback to
CLOCK_MONOTONIC, as the consumers of the library (i.e., networkd) _should_ renew the leases when
coming out of suspend.
|
|
In the state files, do not distinguish where the various entries came from
(static or DHCP), but include them all in the same list.
|
|
Probably a left-over from when router solicitations were
requested in the DHCP6 code. But since they are now separate,
this state is no longer needed.
|
|
Let's settle on a single type for all address family values, even if
UNIX is very inconsitent on the precise type otherwise. Given that
socket() is the primary entrypoint for the sockets API, and that uses
"int", and "int" is relatively simple and generic, we settle on "int"
for this.
|
|
arrays
As long as the number of array entries is relatively small it's nicer to
simply return the number of entries directly, instead of using a size_t*
return parameter for it.
|
|
It appears there is no good way to decide whether or not broadcasts should be enabled,
there is hardware that must have broadcast, and there are networks that only allow
unicast. So we give up and make this configurable.
By default, unicast is used, but if the kernel were to inform us abotu certain
interfaces requiring broadcast, we could change this to opt-in by default in
those cases.
|
|
It complains about optoffset possibly being uninitialized. It is wrong,
but let's just initialize it.
|
|
It complains about {max,init}_retransmit_time possibly being
uninitialized. It is wrong, but let's just initialize it.
|
|
Vendor Class Identifier be used by DHCP clients to identify
their vendor type and configuration. When using this option,
vendors can define their own specific identifier values, such
as to convey a particular hardware or operating system
configuration or other identifying information.
Vendor-specified DHCP options—features that let administrators assign
separate options to clients with similar configuration requirements.
For example, if DHCP-aware clients for example we want to separate
different gateway and option for different set of people
(dev/test/hr/finance) in a org or devices for example web/database
servers or let's say in a embedded device etc and require a different
default gateway or DNS server than the rest of clients.
|
|
Reading BPF assembly written as C macros is inherently difficult. Don't
make it harder than necessary and provide clearer explanation in the
comment.
|
|
We already ignore IP fragments, because we expect that Fragment
offset (FO) field is not set. However first fragment in a fragmented IP
flow will have all zeroes in FO field. We should ignore such packet as
well, thus we need to look at MF flag in the IP header. Checking MF flag
will filter out all except last packet in fragmented flows. Last one
will be ruled out by next check for value of FO.
|
|
Check that received DHCP packets actually include our MAC address in
chaddr field. BPF interpreter has 32 bit wide registers but MAC address
is 48 bits long so we have to do check in two steps.
|
|
If client->lease is NULL, dhcp6_lease_clear_timers will cause a segmentation
fault.
|
|
|