Commit 03669258 authored by Tomek Mrugalski's avatar Tomek Mrugalski 🛰

- Strict checks for the content of the domain-name DHCPv4 option can now be
  configured at compile time. Even though RFC2132 does not allow storing
  more than one domain in the domain-name option, such behavior is
  now enabled by default, but this may change some time in the future.
  See the ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
  [ISC-Bugs #24167]
parent 2ca56780
......@@ -182,6 +182,13 @@ work on other platforms. Please report any problems and suggested fixes to
- Compilation fix for gcc 4.5 or newer in server/ddns.c
[ISC-Bugs #24973]
- Strict checks for content of domain-name DHCPv4 option can now be
configured during compilation time. Even though RFC2132 does not allow
to store more than one domain in domain-name option, such behavior is
now enabled by default, but this may change some time in the future.
See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
[ISC-Bugs #24167]
Changes since 4.1-ESV-R1
! In dhclient check the data for some string options for
......
......@@ -4006,8 +4006,13 @@ static int check_option_values(struct universe *universe,
/* just reject options we want to protect, will be escaped anyway */
if ((universe == NULL) || (universe == &dhcp_universe)) {
switch(opt) {
case DHO_HOST_NAME:
case DHO_DOMAIN_NAME:
#ifdef ACCEPT_LIST_IN_DOMAIN_NAME
return check_domain_name_list(ptr, len, 0);
#else
return check_domain_name(ptr, len, 0);
#endif
case DHO_HOST_NAME:
case DHO_NIS_DOMAIN:
case DHO_NETBIOS_SCOPE:
return check_domain_name(ptr, len, 0);
......
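Review bot: With ACCEPT_LIST_IN_DOMAIN_NAME defined, the `DHO_DOMAIN_NAME` case validates the server-supplied value with `check_domain_name_list` instead of `check_domain_name`, and that function's body is not part of this hunk, so how strict the relaxed path is cannot be judged from here. Because this is the default build and the comment above the switch says these are options the client wants to protect, it is worth confirming that every list element goes through the same character and length rules as a single name and that empty elements are rejected. A short comment above the `#ifdef` would record that intent, for example `/* Non-RFC2132 list form tolerated for compatibility; each element must still pass the single-name checks. */`. check_option_values starts before and continues after the hunk.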
......@@ -3324,6 +3324,33 @@ int parse_boolean_expression (expr, cfile, lose)
return 1;
}
/* boolean :== ON SEMI | OFF SEMI | TRUE SEMI | FALSE SEMI */
int parse_boolean (cfile)
struct parse *cfile;
{
enum dhcp_token token;
const char *val;
int rv;
token = next_token (&val, (unsigned *)0, cfile);
if (!strcasecmp (val, "true")
|| !strcasecmp (val, "on"))
rv = 1;
else if (!strcasecmp (val, "false")
|| !strcasecmp (val, "off"))
rv = 0;
else {
parse_warn (cfile,
"boolean value (true/false/on/off) expected");
skip_to_semi (cfile);
return 0;
}
parse_semi (cfile);
return rv;
}
/*
* data_expression :== SUBSTRING LPAREN data-expression COMMA
* numeric-expression COMMA
......
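Review bot: `parse_boolean` returns 0 both for `false`/`off` and for an unrecognised token, so a caller cannot tell a mistyped value from an explicit false; the only signal is the `parse_warn` message. If a caller gates a setting on this result, a typo resolves to the off state, which should at least be stated in the header comment, e.g. `/* Returns 1 for true/on, 0 for false/off; also 0 after a warning on any other token. */`. Separately, `token` is assigned from `next_token` but never read, and `val` is passed to `strcasecmp` without a NULL check; whether `next_token` can leave it NULL at end of file is not visible here.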
......@@ -1718,7 +1718,6 @@ void parse_failover_state (struct parse *,
#endif
int permit_list_match (struct permit *, struct permit *);
void parse_pool_statement (struct parse *, struct group *, int);
int parse_boolean (struct parse *);
int parse_lbrace (struct parse *);
void parse_host_declaration (struct parse *, struct group *);
int parse_class_declaration (struct class **, struct parse *,
......@@ -1798,6 +1797,7 @@ int parse_if_statement (struct executable_statement **,
struct parse *, int *);
int parse_boolean_expression (struct expression **,
struct parse *, int *);
int parse_boolean (struct parse *);
int parse_data_expression (struct expression **,
struct parse *, int *);
int parse_numeric_expression (struct expression **,
......
......@@ -200,3 +200,10 @@
source port of the message it received. This is useful for testing
but is only included for backwards compatibility. */
/* #define REPLY_TO_SOURCE_PORT */
/* Define this if you want to allow domain list in domain-name option.
RFC2132 does not allow that behavior, but it is somewhat used due
to historic reasons. Note that it may be removed some time in the
future. */
#define ACCEPT_LIST_IN_DOMAIN_NAME
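Review bot: The comment above `#define ACCEPT_LIST_IN_DOMAIN_NAME` is worded as an opt-in ("Define this if you want to allow"), but the define is active, unlike the commented-out `REPLY_TO_SOURCE_PORT` just above it. Someone auditing site.h for relaxed checks could miss that the non-RFC2132 behaviour is already on. Suggest rewording along the lines of `/* Enabled by default: accept a domain list in the domain-name option. Comment this out to enforce the single-name form required by RFC2132. */`.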
......@@ -1738,32 +1738,6 @@ cleanup:
pool_dereference (&pool, MDL);
}
/* boolean :== ON SEMI | OFF SEMI | TRUE SEMI | FALSE SEMI */
int parse_boolean (cfile)
struct parse *cfile;
{
enum dhcp_token token;
const char *val;
int rv;
token = next_token (&val, (unsigned *)0, cfile);
if (!strcasecmp (val, "true")
|| !strcasecmp (val, "on"))
rv = 1;
else if (!strcasecmp (val, "false")
|| !strcasecmp (val, "off"))
rv = 0;
else {
parse_warn (cfile,
"boolean value (true/false/on/off) expected");
skip_to_semi (cfile);
return 0;
}
parse_semi (cfile);
return rv;
}
/* Expect a left brace; if there isn't one, skip over the rest of the
statement and return zero; otherwise, return 1. */
......