Final (I hope) DHCP client security fix.

mellon 2000-07-20 05:49:35 +00:00
parent 0d5d0bd93a
commit 8e7171f5ab
12 changed files with 73 additions and 60 deletions


@ -51,7 +51,7 @@
#ifndef lint
static char copyright[] =
"$Id: socket.c,v 1.1.1.10 2000/06/10 18:04:51 mellon Exp $ Copyright (c) 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium. All rights reserved.\n";
"$Id: socket.c,v 1.1.1.11 2000/07/20 05:49:35 mellon Exp $ Copyright (c) 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium. All rights reserved.\n";
#endif /* not lint */
#include "dhcpd.h"
@ -137,8 +137,14 @@ int if_register_socket (info)
log_fatal ("Can't set SO_BROADCAST option on dhcp socket: %m");
/* Bind the socket to this interface's IP address. */
if (bind (sock, (struct sockaddr *)&name, sizeof name) < 0)
log_fatal ("Can't bind to dhcp address: %m");
if (bind (sock, (struct sockaddr *)&name, sizeof name) < 0) {
log_error ("Can't bind to dhcp address: %m");
log_error ("Please make sure there is no other dhcp server");
log_error ("running and that there's no entry for dhcp or");
log_error ("bootp in /etc/inetd.conf. Also make sure you");
log_error ("are not running HP JetAdmin software, which");
log_fatal ("includes a bootp server.");
}
#if defined (HAVE_SO_BINDTODEVICE)
/* Bind this socket to this interface. */
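Review bot: The fatal record for a failed bind now reads only "includes a bootp server.", because the hint is split mid-sentence across five log_error calls and the closing log_fatal. Anyone filtering logs by severity sees a fragment with no errno text, and the six records may be interleaved with other output. Make each log_error line a sentence that stands alone, and end with a self-describing fatal such as `log_fatal ("Can't bind to dhcp address; see preceding messages.");`. if_register_socket starts and ends outside the hunk.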


@ -31,7 +31,7 @@ int minires_update (ns_updrec *);
ns_updrec *minires_mkupdrec (int, const char *, unsigned int,
unsigned int, unsigned long);
void minires_freeupdrec (ns_updrec *);
int minires_nmkupdate (res_state, ns_updrec *, unsigned char *, unsigned *);
int minires_nmkupdate (res_state, ns_updrec *, double *, unsigned *);
ns_rcode minires_nupdate (res_state, ns_updrec *);
int minires_ninit (res_state);
@ -121,9 +121,9 @@ unsigned int res_randomid (void);
ns_rcode res_findzonecut (res_state, const char *, ns_class, int, char *,
size_t, struct in_addr *, int, int *, void *);
int res_nsend (res_state,
unsigned char *, unsigned, unsigned char *, unsigned);
int res_nsendsigned (res_state, unsigned char *,
unsigned, ns_tsig_key *, unsigned char *, unsigned);
double *, unsigned, double *, unsigned);
int res_nsendsigned (res_state, double *,
unsigned, ns_tsig_key *, double *, unsigned);
int ns_samename (const char *, const char *);
int res_nameinquery (const char *, int, int,
const unsigned char *, const unsigned char *);
@ -147,15 +147,15 @@ int ns_name_uncompress (const u_char *, const u_char *,
const u_char *, char *, size_t);
int res_nmkquery (res_state, int,
const char *, ns_class, ns_type, const unsigned char *,
unsigned, const unsigned char *, unsigned char *, unsigned);
unsigned, const unsigned char *, double *, unsigned);
int ns_initparse (const unsigned char *, unsigned, ns_msg *);
int res_nquery(res_state, const char *,
ns_class, ns_type, unsigned char *, unsigned anslen);
ns_class, ns_type, double *, unsigned anslen);
int res_nsearch(res_state, const char *,
ns_class, ns_type, unsigned char *, unsigned);
ns_class, ns_type, double *, unsigned);
const char *res_hostalias (const res_state, const char *, char *, size_t);
int res_nquerydomain(res_state, const char *, const char *,
ns_class class, ns_type type, unsigned char *, unsigned);
ns_class class, ns_type type, double *, unsigned);
int ns_skiprr(const unsigned char *, const unsigned char *, ns_sect, int);
int dn_skipname (const unsigned char *, const unsigned char *);
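Review bot: Nothing in these prototypes says that the new `double *` parameters are still byte buffers whose accompanying `unsigned` arguments count bytes, not doubles. The type appears to be used only to force alignment for the HEADER overlay. A caller who sizes a buffer in elements, or casts an arbitrarily aligned `unsigned char` array to satisfy the prototype, gets no warning. Add a comment above the block such as `/* Packet buffers are typed double * only to guarantee alignment; all lengths are in bytes. */`. The same applies to the res_send_qhook and res_send_rhook typedefs in resolv.h.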


@ -50,7 +50,7 @@
/*
* @(#)resolv.h 8.1 (Berkeley) 6/2/93
* $Id: resolv.h,v 1.1.1.1 2000/04/22 07:11:51 mellon Exp $
* $Id: resolv.h,v 1.1.1.2 2000/07/20 05:50:00 mellon Exp $
*/
#ifndef _RESOLV_H_
@ -93,18 +93,18 @@ typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error }
res_sendhookact;
typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *ns,
u_char **query,
double **query,
unsigned *querylen,
u_char *ans,
double *ans,
unsigned anssiz,
int *resplen);
typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *ns,
u_char *query,
unsigned querylen,
u_char *ans,
unsigned anssiz,
int *resplen);
double *query,
unsigned querylen,
double *ans,
unsigned anssiz,
int *resplen);
struct res_sym {
int number; /* Identifying number, like T_MX */


@ -1,5 +1,5 @@
#if !defined(lint) && !defined(SABER)
static const char rcsid[] = "$Id: res_findzonecut.c,v 1.1.1.3 2000/07/08 20:40:52 mellon Exp $";
static const char rcsid[] = "$Id: res_findzonecut.c,v 1.1.1.4 2000/07/20 05:50:17 mellon Exp $";
#endif /* not lint */
/*
@ -74,7 +74,7 @@ static void free_nsrrset(rrset_ns *);
static void free_nsrr(rrset_ns *, rr_ns *);
static rr_ns * find_ns(rrset_ns *, const char *);
static ns_rcode do_query(res_state, const char *, ns_class, ns_type,
u_char *, ns_msg *, int *);
double *, ns_msg *, int *);
/* Public. */
@ -237,7 +237,7 @@ get_soa(res_state statp, const char *dname, ns_class class,
rrset_ns *nsrrsp)
{
char tname[NS_MAXDNAME];
u_char resp[NS_PACKETSZ];
double resp[NS_PACKETSZ / sizeof (double)];
int n, i, ancount, nscount;
ns_sect sect;
ns_msg msg;
@ -328,7 +328,8 @@ get_soa(res_state statp, const char *dname, ns_class class,
strcpy(zname, t);
rdata = ns_rr_rdata(rr);
rdlen = ns_rr_rdlen(rr);
if (ns_name_uncompress(resp, ns_msg_end(msg), rdata,
if (ns_name_uncompress((u_char *)resp,
ns_msg_end(msg), rdata,
mname, msize) < 0) {
DPRINTF(("get_soa: ns_name_uncompress failed"));
return ns_r_servfail;
@ -362,7 +363,7 @@ get_soa(res_state statp, const char *dname, ns_class class,
static int
get_ns(res_state statp, const char *zname, ns_class class, rrset_ns *nsrrsp) {
u_char resp[NS_PACKETSZ];
double resp[NS_PACKETSZ / sizeof (double)];
ns_msg msg;
int n;
ns_rcode rcode;
@ -391,7 +392,7 @@ get_glue(res_state statp, ns_class class, rrset_ns *nsrrsp) {
/* Go and get the A RRs for each empty NS RR on our list. */
for (nsrr = ISC_LIST_HEAD(*nsrrsp); nsrr != NULL; nsrr = nsrr_n) {
u_char resp[NS_PACKETSZ];
double resp[NS_PACKETSZ / sizeof (double)];
ns_msg msg;
int n;
ns_rcode rcode;
@ -552,9 +553,9 @@ find_ns(rrset_ns *nsrrsp, const char *dname) {
static ns_rcode
do_query(res_state statp, const char *dname, ns_class class, ns_type qtype,
u_char *resp, ns_msg *msg, int *alias_count)
double *resp, ns_msg *msg, int *alias_count)
{
u_char req[NS_PACKETSZ];
double req[NS_PACKETSZ / sizeof (double)];
int i;
unsigned n;
@ -574,7 +575,7 @@ do_query(res_state statp, const char *dname, ns_class class, ns_type qtype,
errno = EMSGSIZE;
return ns_r_servfail;
}
if (ns_initparse(resp, n, msg) < 0) {
if (ns_initparse((u_char *)resp, n, msg) < 0) {
DPRINTF(("do_query: ns_initparse failed"));
return ns_r_servfail;
}
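Review bot: `double resp[NS_PACKETSZ / sizeof (double)]` rounds the buffer down, so it is NS_PACKETSZ bytes long only when that constant is a multiple of sizeof (double). The length handed to the resolver calls is outside these hunks; if it is the constant and not `sizeof resp`, a non-multiple would let a response be written past the end of the array. Rounding up removes the dependency: `double resp[(NS_PACKETSZ + sizeof (double) - 1) / sizeof (double)];`. The same declaration pattern is used for `req` in do_query, for `buf` in res_nquery (MAXPACKET) and for `answer` and `packet` in res_nupdate (PACKETSZ).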


@ -70,7 +70,7 @@
#if defined(LIBC_SCCS) && !defined(lint)
static const char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] = "$Id: res_mkquery.c,v 1.1.1.1 2000/04/22 07:11:55 mellon Exp $";
static const char rcsid[] = "$Id: res_mkquery.c,v 1.1.1.2 2000/07/20 05:50:19 mellon Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
@ -98,7 +98,7 @@ res_nmkquery(res_state statp,
const u_char *data, /* resource record data */
unsigned datalen, /* length of data */
const u_char *newrr_in, /* new rr for modify or append */
u_char *buf, /* buffer to put query */
double *buf, /* buffer to put query */
unsigned buflen) /* size of buffer */
{
register HEADER *hp;
@ -117,10 +117,10 @@ res_nmkquery(res_state statp,
hp->opcode = op;
hp->rd = (statp->options & RES_RECURSE) != 0;
hp->rcode = NOERROR;
cp = buf + HFIXEDSZ;
cp = ((u_char *)buf) + HFIXEDSZ;
buflen -= HFIXEDSZ;
dpp = dnptrs;
*dpp++ = buf;
*dpp++ = (u_char *)buf;
*dpp++ = NULL;
lastdnptr = dnptrs + sizeof dnptrs / sizeof dnptrs[0];
/*
@ -187,5 +187,5 @@ res_nmkquery(res_state statp,
default:
return (-1);
}
return (cp - buf);
return (cp - ((u_char *)buf));
}


@ -21,7 +21,7 @@
*/
#if !defined(lint) && !defined(SABER)
static const char rcsid[] = "$Id: res_mkupdate.c,v 1.1.1.1 2000/04/22 07:11:55 mellon Exp $";
static const char rcsid[] = "$Id: res_mkupdate.c,v 1.1.1.2 2000/07/20 05:50:20 mellon Exp $";
#endif /* not lint */
#include <sys/types.h>
@ -85,7 +85,7 @@ static struct protoent *cgetprotobynumber(int);
*/
int
res_nmkupdate(res_state statp,
ns_updrec *rrecp_in, u_char *buf, unsigned *blp) {
ns_updrec *rrecp_in, double *bp, unsigned *blp) {
ns_updrec *rrecp_start = rrecp_in;
HEADER *hp;
u_char *cp, *sp1, *sp2, *startp, *endp;
@ -101,6 +101,7 @@ res_nmkupdate(res_state statp,
u_char *dnptrs[20], **dpp, **lastdnptr;
unsigned siglen, keylen, certlen;
unsigned buflen = *blp;
u_char *buf = (unsigned char *)bp;
/*
* Initialize header fields.


@ -70,7 +70,7 @@
#if defined(LIBC_SCCS) && !defined(lint)
static const char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] = "$Id: res_query.c,v 1.1.1.1 2000/04/22 07:11:55 mellon Exp $";
static const char rcsid[] = "$Id: res_query.c,v 1.1.1.2 2000/07/20 05:50:21 mellon Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
@ -111,10 +111,10 @@ int
res_nquery(res_state statp,
const char *name, /* domain name */
ns_class class, ns_type type, /* class and type of query */
u_char *answer, /* buffer to put answer */
double *answer, /* buffer to put answer */
unsigned anslen) /* size of answer buffer */
{
u_char buf[MAXPACKET];
double buf[MAXPACKET / sizeof (double)];
HEADER *hp = (HEADER *) answer;
unsigned n;
@ -183,7 +183,7 @@ int
res_nsearch(res_state statp,
const char *name, /* domain name */
ns_class class, ns_type type, /* class and type of query */
u_char *answer, /* buffer to put answer */
double *answer, /* buffer to put answer */
unsigned anslen) /* size of answer */
{
const char *cp, * const *domain;
@ -318,7 +318,7 @@ res_nquerydomain(res_state statp,
const char *name,
const char *domain,
ns_class class, ns_type type,
u_char *answer,
double *answer,
unsigned anslen)
{
char nbuf[MAXDNAME];


@ -70,7 +70,7 @@
#if defined(LIBC_SCCS) && !defined(lint)
static const char sccsid[] = "@(#)res_send.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] = "$Id: res_send.c,v 1.1.1.1 2000/04/22 07:11:55 mellon Exp $";
static const char rcsid[] = "$Id: res_send.c,v 1.1.1.2 2000/07/20 05:50:22 mellon Exp $";
#endif /* LIBC_SCCS and not lint */
/*
@ -218,7 +218,7 @@ res_queriesmatch(const u_char *buf1, const u_char *eom1,
int
res_nsend(res_state statp,
u_char *buf, unsigned buflen, u_char *ans, unsigned anssiz)
double *buf, unsigned buflen, double *ans, unsigned anssiz)
{
HEADER *hp = (HEADER *) buf;
HEADER *anhp = (HEADER *) ans;
@ -372,7 +372,7 @@ res_nsend(res_state statp,
* Receive length & response
*/
read_len:
cp = ans;
cp = (u_char *)ans;
len = INT16SZ;
while ((n = read(statp->_sock,
(char *)cp, (unsigned)len)) > 0) {
@ -401,7 +401,7 @@ res_nsend(res_state statp,
res_nclose(statp);
goto next_ns;
}
resplen = getUShort (ans);
resplen = getUShort ((unsigned char *)ans);
if (resplen > anssiz) {
Dprint(statp->options & RES_DEBUG,
(stdout, ";; response truncated\n")
@ -421,7 +421,7 @@ res_nsend(res_state statp,
res_nclose(statp);
goto next_ns;
}
cp = ans;
cp = (u_char *)ans;
while (len != 0 &&
(n = read(statp->_sock,
(char *)cp, (unsigned)len))
@ -700,8 +700,10 @@ res_nsend(res_state statp,
}
#endif
if (!(statp->options & RES_INSECURE2) &&
!res_queriesmatch(buf, buf + buflen,
ans, ans + anssiz)) {
!res_queriesmatch((u_char *)buf,
((u_char *)buf) + buflen,
(u_char *)ans,
((u_char *)ans) + anssiz)) {
/*
* response contains wrong query? ignore it.
* XXX - potential security hazard could
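Review bot: The rewritten res_queriesmatch call still bounds the answer with `((u_char *)ans) + anssiz`, the capacity of the buffer, not the number of bytes actually received. If the receive length is in scope at this point (the TCP path in the hunk at line 401 keeps it in `resplen`), passing `((u_char *)ans) + resplen` would keep the comparison from parsing stale bytes left in the buffer by an earlier, longer response. The code that receives this response is outside the hunk, so this needs confirming against the full function. The casts added in this file also alternate between `u_char *` and `unsigned char *`; pick one spelling.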


@ -19,13 +19,13 @@
/* res_nsendsigned */
int
res_nsendsigned(res_state statp, u_char *msg, unsigned msglen,
ns_tsig_key *key, u_char *answer, unsigned anslen)
res_nsendsigned(res_state statp, double *msg, unsigned msglen,
ns_tsig_key *key, double *answer, unsigned anslen)
{
res_state nstatp;
DST_KEY *dstkey;
int usingTCP = 0;
u_char *newmsg;
double *newmsg;
unsigned newmsglen;
unsigned bufsize, siglen;
u_char sig[64];
@ -43,7 +43,7 @@ res_nsendsigned(res_state statp, u_char *msg, unsigned msglen,
memcpy(nstatp, statp, sizeof(*statp));
bufsize = msglen + 1024;
newmsg = (u_char *) malloc(bufsize);
newmsg = (double *) malloc(bufsize);
if (newmsg == NULL) {
errno = ENOMEM;
return (-1);
@ -67,7 +67,8 @@ res_nsendsigned(res_state statp, u_char *msg, unsigned msglen,
nstatp->nscount = 1;
siglen = sizeof(sig);
ret = ns_sign(newmsg, &newmsglen, bufsize, NOERROR, dstkey, NULL, 0,
ret = ns_sign((u_char *)newmsg, &newmsglen, bufsize,
NOERROR, dstkey, NULL, 0,
sig, &siglen, 0);
if (ret < 0) {
free (nstatp);
@ -96,7 +97,7 @@ retry:
}
anslen = ret;
ret = ns_verify(answer, &anslen, dstkey, sig, siglen,
ret = ns_verify((u_char *)answer, &anslen, dstkey, sig, siglen,
NULL, NULL, &tsig_time,
(nstatp->options & RES_KEEPTSIG) ? 1 : 0);
if (ret != 0) {


@ -1,5 +1,5 @@
#if !defined(lint) && !defined(SABER)
static const char rcsid[] = "$Id: res_update.c,v 1.1.1.3 2000/07/08 20:40:55 mellon Exp $";
static const char rcsid[] = "$Id: res_update.c,v 1.1.1.4 2000/07/20 05:50:24 mellon Exp $";
#endif /* not lint */
/*
@ -80,7 +80,8 @@ void tkey_free (ns_tsig_key **);
ns_rcode
res_nupdate(res_state statp, ns_updrec *rrecp_in) {
ns_updrec *rrecp;
u_char answer[PACKETSZ], packet[2*PACKETSZ];
double answer[PACKETSZ / sizeof (double)];
double packet[2*PACKETSZ / sizeof (double)];
struct zonegrp *zptr, tgrp;
int nzones = 0, nscount = 0;
unsigned n;


@ -475,10 +475,10 @@ isc_result_t omapi_object_dereference (omapi_object_t **h,
if (!extra_references) {
if (inner_reference)
omapi_object_dereference
(&(*h) -> inner -> outer, file, line);
(&(*h) -> inner, file, line);
if (outer_reference)
omapi_object_dereference
(&(*h) -> outer -> inner, file, line);
(&(*h) -> outer, file, line);
if (!(*h) -> type -> freer)
rc_register (file, line, h, *h, 0);
if ((*h) -> type -> destroy)
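Review bot: Both recursive omapi_object_dereference calls discard their isc_result_t, so a failure while releasing `(*h) -> inner` or `(*h) -> outer` goes unnoticed and the function carries on to the freer and destroy steps. Consider capturing the status and returning it when it is not ISC_R_SUCCESS. Because the change is about which pointer gets dropped, each call also deserves a comment naming the reference it releases, for example `/* Release the reference this object holds on its inner object. */`. The computation of inner_reference and outer_reference is outside the hunk, so the counting cannot be checked from here.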


@ -306,7 +306,8 @@ isc_result_t omapi_protocol_signal_handler (omapi_object_t *h,
/* If we already have the data, fall through. */
case omapi_protocol_header_wait:
status = omapi_message_allocate (&p -> message, MDL);
status = omapi_message_new ((omapi_object_t **)&p -> message,
MDL);
if (status != ISC_R_SUCCESS) {
omapi_disconnect (c, 1);
return status;
@ -712,7 +713,7 @@ isc_result_t omapi_protocol_send_status (omapi_object_t *po,
if (po -> type != omapi_type_protocol)
return ISC_R_INVALIDARG;
status = omapi_message_allocate (&message, MDL);
status = omapi_message_new ((omapi_object_t **)&message, MDL);
if (status != ISC_R_SUCCESS)
return status;
mo = (omapi_object_t *)message;
@ -765,7 +766,7 @@ isc_result_t omapi_protocol_send_update (omapi_object_t *po,
if (po -> type != omapi_type_protocol)
return ISC_R_INVALIDARG;
status = omapi_message_allocate (&message, MDL);
status = omapi_message_new ((omapi_object_t **)&message, MDL);
if (status != ISC_R_SUCCESS)
return status;
mo = (omapi_object_t *)message;
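Review bot: The `(omapi_object_t **)` casts on `&p -> message` and `&message` switch off the compiler's check that the pointer being filled in has the type the allocator writes. They are correct only while the message structure begins with the generic object header, which is not visible in these hunks. In omapi_protocol_send_status and omapi_protocol_send_update the generic view `mo` already exists, so the allocation could go through a correctly typed pointer and be converted once: `mo = (omapi_object_t *)0; status = omapi_message_new (&mo, MDL);`, then `message = (omapi_message_object_t *)mo;` after the status check. All three functions start and end outside their hunks.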