Don't leak the option data of non-DHCPINFORM messages received on

the udp socket.

Found by David Carlier.

ok yasuoka@

diff --git a/usr.sbin/dhcpd/dhcp.c b/usr.sbin/dhcpd/dhcp.c
index 18dc8c4..2bef010 100644 (file)
--- a/usr.sbin/dhcpd/dhcp.c
+++ b/usr.sbin/dhcpd/dhcp.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: dhcp.c,v 1.45 2016/02/06 23:50:10 krw Exp $ */
+/*     $OpenBSD: dhcp.c,v 1.46 2016/08/05 14:02:23 krw Exp $ */
 
 /*
  * Copyright (c) 1995, 1996, 1997, 1998, 1999
@@ -62,11 +62,17 @@ int outstanding_pings;
 static char dhcp_message[256];
 
 void
-dhcp(struct packet *packet)
+dhcp(struct packet *packet, int is_udpsock)
 {
        if (!locate_network(packet) && packet->packet_type != DHCPREQUEST)
                return;
 
+       if (is_udpsock && packet->packet_type != DHCPINFORM) {
+               note("Unable to handle a DHCP message type=%d on UDP "
+                   "socket", packet->packet_type);
+               return;
+       }
+
        switch (packet->packet_type) {
        case DHCPDISCOVER:
                dhcpdiscover(packet);

diff --git a/usr.sbin/dhcpd/dhcpd.h b/usr.sbin/dhcpd/dhcpd.h
index 4cc611d..28a5374 100644 (file)
--- a/usr.sbin/dhcpd/dhcpd.h
+++ b/usr.sbin/dhcpd/dhcpd.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: dhcpd.h,v 1.53 2016/02/06 23:50:10 krw Exp $ */
+/*     $OpenBSD: dhcpd.h,v 1.54 2016/08/05 14:02:23 krw Exp $ */
 
 /*
  * Copyright (c) 1995, 1996, 1997, 1998, 1999
@@ -532,7 +532,7 @@ int                  tree_evaluate(struct tree_cache *);
 /* dhcp.c */
 extern int     outstanding_pings;
 
-void dhcp(struct packet *);
+void dhcp(struct packet *, int);
 void dhcpdiscover(struct packet *);
 void dhcprequest(struct packet *);
 void dhcprelease(struct packet *);

diff --git a/usr.sbin/dhcpd/options.c b/usr.sbin/dhcpd/options.c
index 5ca9a43..ce9c7ff 100644 (file)
--- a/usr.sbin/dhcpd/options.c
+++ b/usr.sbin/dhcpd/options.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: options.c,v 1.30 2016/02/06 23:50:10 krw Exp $        */
+/*     $OpenBSD: options.c,v 1.31 2016/08/05 14:02:23 krw Exp $        */
 
 /* DHCP options parsing and reassembly. */
 
@@ -547,15 +547,8 @@ do_packet(struct interface_info *interface, struct dhcp_packet *packet,
            tp.options[DHO_DHCP_MESSAGE_TYPE].data)
                tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0];
 
-       if (interface->is_udpsock) {
-               if (tp.packet_type != DHCPINFORM) {
-                       note("Unable to handle a DHCP message type=%d on UDP "
-                           "socket", tp.packet_type);
-                       return;
-               }
-       }
        if (tp.packet_type)
-               dhcp(&tp);
+               dhcp(&tp, interface->is_udpsock);
        else
                bootp(&tp);