Module Name: src Committed By: bouyer Date: Sat May 21 13:31:00 UTC 2011
Modified Files: src/external/bsd/dhcpcd/dist [netbsd-5-0]: dhcp.c dhcpcd-run-hooks.8.in dhcpcd-run-hooks.in src/external/bsd/dhcpcd/dist/dhcpcd-hooks [netbsd-5-0]: 20-resolv.conf 30-hostname Log Message: Apply patch, requested by spz in ticket 1603: external/bsd/dhcpcd/dist/dhcp.c patch external/bsd/dhcpcd/dist/dhcpcd-run-hooks.8.in patch external/bsd/dhcpcd/dist/dhcpcd-run-hooks.in patch external/bsd/dhcpcd/dist/dhcpcd-hooks/20-resolv.conf patch external/bsd/dhcpcd/dist/dhcpcd-hooks/30-hostname patch Escape | and & characters before passing the value to the shell Ensure we set a valid hostname, DNS domain and NIS domain. Document the need for input validation in dhcpcd-run-hooks(8). Fixes CVE-2011-996 To generate a diff of this commit: cvs rdiff -u -r1.1.1.2.6.2.2.1 -r1.1.1.2.6.2.2.2 \ src/external/bsd/dhcpcd/dist/dhcp.c cvs rdiff -u -r1.1.1.2.6.1.2.1 -r1.1.1.2.6.1.2.2 \ src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.8.in cvs rdiff -u -r1.1.1.2.6.1 -r1.1.1.2.6.1.2.1 \ src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.in cvs rdiff -u -r1.1.1.2 -r1.1.1.2.10.1 \ src/external/bsd/dhcpcd/dist/dhcpcd-hooks/20-resolv.conf \ src/external/bsd/dhcpcd/dist/dhcpcd-hooks/30-hostname Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/bsd/dhcpcd/dist/dhcp.c diff -u src/external/bsd/dhcpcd/dist/dhcp.c:1.1.1.2.6.2.2.1 src/external/bsd/dhcpcd/dist/dhcp.c:1.1.1.2.6.2.2.2 --- src/external/bsd/dhcpcd/dist/dhcp.c:1.1.1.2.6.2.2.1 Tue Aug 4 20:23:37 2009 +++ src/external/bsd/dhcpcd/dist/dhcp.c Sat May 21 13:31:00 2011 @@ -1056,6 +1056,8 @@ case '$': /* FALLTHROUGH */ case '`': /* FALLTHROUGH */ case '\\': /* FALLTHROUGH */ + case '|': /* FALLTHROUGH */ + case '&': if (s) { if (len < 3) { errno = ENOBUFS; Index: src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.8.in diff -u src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.8.in:1.1.1.2.6.1.2.1 src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.8.in:1.1.1.2.6.1.2.2 --- src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.8.in:1.1.1.2.6.1.2.1 Tue Aug 4 20:23:37 2009 +++ src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.8.in Sat May 21 13:31:00 2011 @@ -1,4 +1,4 @@ -.\" Copyright 2006-2008 Roy Marples +.\" Copyright (c) 2006-2011 Roy Marples .\" All rights reserved .\" .\" Redistribution and use in source and binary forms, with or without @@ -112,3 +112,11 @@ .An Roy Marples <r...@marples.name> .Sh BUGS Please report them to http://roy.marples.name/projects/dhcpcd +.Sh SECURITY CONSIDERATIONS +Little validation of DHCP options is done in dhcpcd itself. +Instead, it is up to the hooks to handle any validation needed. +To this end, some helper functions are provided, such as valid_domainname as +used by the +.Pa 20-resolv.conf +hook to ensure that the hostname is not set to an invalid value. +valid_path is also provided, but is currently unused by a stock hook script. Index: src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.in diff -u src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.in:1.1.1.2.6.1 src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.in:1.1.1.2.6.1.2.1 --- src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.in:1.1.1.2.6.1 Fri Feb 6 02:25:38 2009 +++ src/external/bsd/dhcpcd/dist/dhcpcd-run-hooks.in Sat May 21 13:31:00 2011 @@ -115,6 +115,46 @@ mv -f "$1"-pre."${interface}" "$1" } +# Check for a valid domain name as per RFC1123 with the exception of +# allowing - and _ as they seem to be widely used. +valid_domainname() +{ + local name="$1" label + + [ -z "$name" -o ${#name} -gt 255 ] && return 1 + + while [ -n "$name" ]; do + label="${name%%.*}" + [ -z "$label" -o ${#label} -gt 63 ] && return 1 + case "$label" in + -*|_*|*-|*_) return 1;; + *[![:alnum:]-_]*) return 1;; + esac + [ "$name" = "${name#*.}" ] && break + name="${name#*.}" + done + return 0 +} + +valid_domainname_list() +{ + local name + + for name in $@; do + valid_domainname "$name" || return $? + done + return 0 +} + +# Check for a valid path +valid_path() +{ + case "$@" in + *[![:alnum:]#%+-_:\.,@~\\/\[\]=\ ]*) return 1;; + esac + return 0 +} + # We source each script into this one so that scripts run earlier can # remove variables from the environment so later scripts don't see them. Index: src/external/bsd/dhcpcd/dist/dhcpcd-hooks/20-resolv.conf diff -u src/external/bsd/dhcpcd/dist/dhcpcd-hooks/20-resolv.conf:1.1.1.2 src/external/bsd/dhcpcd/dist/dhcpcd-hooks/20-resolv.conf:1.1.1.2.10.1 --- src/external/bsd/dhcpcd/dist/dhcpcd-hooks/20-resolv.conf:1.1.1.2 Fri Sep 19 22:59:58 2008 +++ src/external/bsd/dhcpcd/dist/dhcpcd-hooks/20-resolv.conf Sat May 21 13:31:00 2011 @@ -67,9 +67,19 @@ fi if [ -n "${new_domain_search}" ]; then - conf="${conf}search ${new_domain_search}\n" + if valid_domainname_list; then + conf="${conf}search ${new_domain_search}\n" + else + syslog err "Invalid domain name in list: $new_domain_search" + fi elif [ -n "${new_domain_name}" ]; then - conf="${conf}search ${new_domain_name}\n" + set -- $new_domain_name + new_domain_name="$1" + if valid_domainname "$new_domain_name"; then + conf="${conf}search ${new_domain_name}\n" + else + syslog err "Invalid domain name: $new_domain_name" + fi fi for x in ${new_domain_name_servers}; do conf="${conf}nameserver ${x}\n" Index: src/external/bsd/dhcpcd/dist/dhcpcd-hooks/30-hostname diff -u src/external/bsd/dhcpcd/dist/dhcpcd-hooks/30-hostname:1.1.1.2 src/external/bsd/dhcpcd/dist/dhcpcd-hooks/30-hostname:1.1.1.2.10.1 --- src/external/bsd/dhcpcd/dist/dhcpcd-hooks/30-hostname:1.1.1.2 Fri Sep 19 22:59:58 2008 +++ src/external/bsd/dhcpcd/dist/dhcpcd-hooks/30-hostname Sat May 21 13:31:00 2011 @@ -12,13 +12,22 @@ esac } +try_hostname() +{ + if valid_domainname "$1"; then + hostname "$1" + else + syslog err "Invalid hostname: $1" + fi +} + set_hostname() { if need_hostname; then if [ -n "${new_host_name}" ]; then - hostname "${new_host_name}" + try_hostname "${new_host_name}" else - hostname "${new_fqdn_name}" + try_hostname "${new_fqdn_name}" fi fi }