project/odhcp6c.git
8 years ago Merge pull request #41 from bwhacks/security-fixes
Steven Barth [Thu, 28 Jan 2016 15:59:12 +0000 (16:59 +0100)]
Merge pull request #41 from bwhacks/security-fixes

Security fixes

8 years ago Add missing option length checks in dhcpv6_handle_advert
Ben Hutchings [Thu, 28 Jan 2016 02:09:47 +0000 (02:09 +0000)]
Add missing option length checks in dhcpv6_handle_advert

These might be redundant with checks elsewhere but it's better to be
safe.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years ago Fix potential log forgery via status string
Ben Hutchings [Thu, 28 Jan 2016 01:44:10 +0000 (01:44 +0000)]
Fix potential log forgery via status string

We should not include any control characters from the server status
message when logging it; in particular if we include '\n' this could
result in additional arbitrary log lines.  In dhcpv6_log_status_code,
replace all control characters with '?'.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
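The replacement described in the commit message above, as an added example that is not odhcp6c's own code: the function names, the buffer handling and the sample status message are assumptions made for illustration, and bytes of 0x80 and above are passed through unchanged.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not the project's dhcpv6_log_status_code().
 * Copies a length-delimited (not NUL-terminated) status message into a
 * NUL-terminated buffer, replacing every ASCII control character
 * (0x00-0x1f and 0x7f) with '?'. Returns the bytes written, excluding
 * the terminator. */
size_t sanitize_status(const uint8_t *msg, size_t len, char *out, size_t out_size)
{
	size_t n = 0;

	if (out_size == 0)
		return 0;

	for (size_t i = 0; i < len && n + 1 < out_size; i++) {
		uint8_t c = msg[i];
		out[n++] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
	}
	out[n] = '\0';
	return n;
}

/* Number of lines a logger would emit for this string: 1 + newlines. */
size_t count_lines(const char *s)
{
	size_t lines = 1;

	for (; *s; s++)
		if (*s == '\n')
			lines++;
	return lines;
}

int main(void)
{
	/* Constructed server status message with an embedded newline. */
	const uint8_t raw[] = "NoBinding\nfake: second line";
	char out[64];

	sanitize_status(raw, sizeof(raw) - 1, out, sizeof(out));
	printf("lines before: %zu, after: %zu\n",
	       count_lines((const char *)raw), count_lines(out));
	printf("logged as: %s\n", out);
	return 0;
}
```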
8 years ago Check for unsupported PD exclusion configuration in dhcpv6_parse_ia
Ben Hutchings [Thu, 28 Jan 2016 01:28:32 +0000 (01:28 +0000)]
Check for unsupported PD exclusion configuration in dhcpv6_parse_ia

We currently only support PD exclusions that only affect bits 64-95 of
the address, so we require:

    32 <= PD prefix length < exclusion prefix length <= 64

The first inequality was not validated, and this could result in a
buffer overflow when generating the next request message.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years ago Fix memory leak in dhcpv6_add_server_cand in case odhcp6c_insert_state fails
Ben Hutchings [Thu, 28 Jan 2016 01:16:31 +0000 (01:16 +0000)]
Fix memory leak in dhcpv6_add_server_cand in case odhcp6c_insert_state fails

If we fail to store information from the new server, the associated
NA and PD options will never be freed.  An attacker could use this
for denial-of-service.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years ago Change odhcp6c_insert_state to return a success/failure indicator
Ben Hutchings [Thu, 28 Jan 2016 01:14:04 +0000 (01:14 +0000)]
Change odhcp6c_insert_state to return a success/failure indicator

Some callers will need to free resources on failure.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years ago Fix possible stack buffer overflow in s46_to_env when copying IPv6 prefixes
Ben Hutchings [Thu, 28 Jan 2016 00:49:22 +0000 (00:49 +0000)]
Fix possible stack buffer overflow in s46_to_env when copying IPv6 prefixes

An 8-bit prefix-length field can be as large as 255, but values larger
than 128 will result in a buffer overflow when copying to in6.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
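The two prefix-length checks described in the PD exclusion and s46_to_env commit messages above, as an added example that is not odhcp6c's own code: both function names and the option layout (a run of prefix bytes of known length) are assumptions made for illustration.

```c
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper. Copies a prefix of prefix_len bits from an option
 * payload into a zeroed in6_addr. An 8-bit length field can hold up to
 * 255, so anything above 128 bits, or more bytes than the option really
 * carries, is rejected before memcpy() runs. */
bool copy_prefix(struct in6_addr *out, const uint8_t *data, size_t data_len,
		 uint8_t prefix_len)
{
	size_t bytes = ((size_t)prefix_len + 7) / 8;

	if (prefix_len > 128 || bytes > data_len)
		return false;

	memset(out, 0, sizeof(*out));
	memcpy(out->s6_addr, data, bytes);
	return true;
}

/* The constraint quoted in the PD exclusion commit message:
 * 32 <= PD prefix length < exclusion prefix length <= 64 */
bool pd_exclusion_supported(uint8_t pd_len, uint8_t excl_len)
{
	return pd_len >= 32 && pd_len < excl_len && excl_len <= 64;
}

int main(void)
{
	uint8_t payload[32];            /* constructed option payload */
	struct in6_addr in6;

	memset(payload, 0xff, sizeof(payload));
	printf("len 255: %s\n",
	       copy_prefix(&in6, payload, sizeof(payload), 255) ? "copied" : "rejected");
	printf("len 56:  %s\n",
	       copy_prefix(&in6, payload, sizeof(payload), 56) ? "copied" : "rejected");
	printf("PD /16 with exclusion /64: %s\n",
	       pd_exclusion_supported(16, 64) ? "supported" : "unsupported");
	return 0;
}
```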
8 years ago Fix off-by-one in buffer length in int_to_env
Ben Hutchings [Fri, 22 Jan 2016 19:07:52 +0000 (19:07 +0000)]
Fix off-by-one in buffer length in int_to_env

We need to allow for '=', negative sign, 10 digits and the null
terminator, adding up to 13 bytes not 12.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years ago Fix potential buffer overflow in entry_to_env
Ben Hutchings [Fri, 22 Jan 2016 18:02:04 +0000 (18:02 +0000)]
Fix potential buffer overflow in entry_to_env

It appears that an entry of type ENTRY_PREFIX with iaid != 1 and an
exclusion can expand to a string of length up to 154 bytes, whereas we
allocate only 144 bytes per entry.

Also, in case of truncation, snprintf() returns the length of the
un-truncated output so we must not use this to increment buf_len.

Finally some of the lengths given to snprintf() are unnecessarily
generous.  Reduce them so we don't have to increase the allocated
length per entry further.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
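The snprintf() return-value pitfall from the entry_to_env commit message and the 13-byte count from the int_to_env commit message above, as an added example that is not odhcp6c's own code: `buf_appendf`, `naive_len_after` and `int_env_size` are hypothetical names, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Append formatted text at buf[*len]; size is the total capacity of buf.
 * On truncation *len is clamped to what was actually stored (size - 1)
 * instead of being advanced by the "would have written" return value. */
bool buf_appendf(char *buf, size_t size, size_t *len, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (*len >= size)
		return false;

	va_start(ap, fmt);
	n = vsnprintf(buf + *len, size - *len, fmt, ap);
	va_end(ap);

	if (n < 0) {                    /* encoding error: keep old contents */
		buf[*len] = '\0';
		return false;
	}
	if ((size_t)n >= size - *len) { /* output was cut short */
		*len = size - 1;
		return false;
	}
	*len += (size_t)n;
	return true;
}

/* The unchecked pattern: the recorded length can exceed the buffer size,
 * so a later "size - len" would wrap around. */
size_t naive_len_after(char *buf, size_t size, const char *s)
{
	size_t len = 0;

	len += (size_t)snprintf(buf + len, size - len, "%s", s);
	return len;
}

/* Bytes needed for "=<int>" plus the terminator, for the widest int:
 * '=', '-', 10 digits and NUL. */
size_t int_env_size(void)
{
	return (size_t)snprintf(NULL, 0, "=%d", INT_MIN) + 1;
}

int main(void)
{
	char buf[8];
	size_t len = 0;

	printf("naive length in 8-byte buffer: %zu\n",
	       naive_len_after(buf, sizeof(buf), "0123456789"));
	buf_appendf(buf, sizeof(buf), &len, "%s", "0123456789");
	printf("clamped length: %zu, contents: %s\n", len, buf);
	printf("bytes needed for =INT_MIN: %zu\n", int_env_size());
	return 0;
}
```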
8 years ago Avoid copying buffer after dn_expand() fails
Ben Hutchings [Fri, 22 Jan 2016 20:15:31 +0000 (20:15 +0000)]
Avoid copying buffer after dn_expand() fails

If dn_expand() returns an error we could copy from an uninitialised
output buffer or append the previous domain name again.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years ago Merge pull request #40 from dedeckeh/bugfixes
Steven Barth [Tue, 26 Jan 2016 19:29:01 +0000 (20:29 +0100)]
Merge pull request #40 from dedeckeh/bugfixes

script: Launch script with correct action if last script call is terminated

8 years ago script: Launch script with correct action if last script call is terminated
Hans Dedecker [Tue, 26 Jan 2016 08:20:33 +0000 (09:20 +0100)]
script: Launch script with correct action if last script call is terminated

Actions launched as resume will be used in a next script_call
if the new action is not marked as resume even when the previous
script run was already terminated.
This behavior is particularly visible when an RA is received as
the script will run with action bound and not ra-updated,
resulting in a wan6 interface down/up transition.

9 years ago odhcp6c: sync and accumulate RA & DHCPv6 events correctly
Steven Barth [Mon, 27 Jul 2015 13:39:11 +0000 (15:39 +0200)]
odhcp6c: sync and accumulate RA & DHCPv6 events correctly

9 years ago Merge pull request #37 from themiron/master
Steven Barth [Mon, 13 Jul 2015 14:15:52 +0000 (16:15 +0200)]
Merge pull request #37 from themiron/master

Avoid solicit for zero-length prefix

9 years ago Merge branch 'upstream'
Vladislav Grishenko [Mon, 13 Jul 2015 13:12:41 +0000 (18:12 +0500)]
Merge branch 'upstream'

9 years ago dhcpv6: remove dead code
Steven Barth [Mon, 13 Jul 2015 10:38:42 +0000 (12:38 +0200)]
dhcpv6: remove dead code

9 years ago Avoid solicit for zero-length prefix
Vladislav Grishenko [Sun, 12 Jul 2015 12:02:30 +0000 (17:02 +0500)]
Avoid solicit for zero-length prefix

9 years ago dhcpv6: clear CUSTOM_OPTS in a more sane manner
Steven Barth [Tue, 9 Jun 2015 12:04:59 +0000 (14:04 +0200)]
dhcpv6: clear CUSTOM_OPTS in a more sane manner

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago Fix LW4over6 parameter handling
Steven Barth [Sat, 16 May 2015 07:28:01 +0000 (09:28 +0200)]
Fix LW4over6 parameter handling

9 years ago Merge pull request #33 from themiron/master
Steven Barth [Sat, 25 Apr 2015 16:49:59 +0000 (18:49 +0200)]
Merge pull request #33 from themiron/master

Avoid of waiting for Advertise in stateless-only mode

9 years ago Avoid of waiting for Advertise in stateless-only mode
Vladislav Grishenko [Sat, 25 Apr 2015 15:52:57 +0000 (20:52 +0500)]
Avoid of waiting for Advertise in stateless-only mode

Start with Information-request when configured not to ask for
IA_NA/IA_PD. It allows completing the exchange using only
two messages, instead of four, and fixes the infinite Advertise
waiting loop with servers that just ignore Solicit messages.

9 years ago Fixup INF_MAX_RT for RFC 3315 as well
Steven Barth [Mon, 20 Apr 2015 09:59:56 +0000 (11:59 +0200)]
Fixup INF_MAX_RT for RFC 3315 as well

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago Fix SOL_MAX_RT default value to match RFC 3315
Steven Barth [Mon, 20 Apr 2015 09:16:21 +0000 (11:16 +0200)]
Fix SOL_MAX_RT default value to match RFC 3315

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago example: actually chmod new resolv.conf after overwriting
Steven Barth [Wed, 15 Apr 2015 13:02:55 +0000 (15:02 +0200)]
example: actually chmod new resolv.conf after overwriting

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago ra: avoid saving an empty search domain entry
Steven Barth [Wed, 15 Apr 2015 12:55:57 +0000 (14:55 +0200)]
ra: avoid saving an empty search domain entry

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago scan-code fixes
Steven Barth [Tue, 14 Apr 2015 06:24:44 +0000 (08:24 +0200)]
scan-code fixes

9 years ago Improve handling of DNS search domains
Steven Barth [Mon, 13 Apr 2015 12:48:52 +0000 (14:48 +0200)]
Improve handling of DNS search domains

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago Fix odhcp6c_find_entry
Steven Barth [Sun, 12 Apr 2015 12:02:59 +0000 (14:02 +0200)]
Fix odhcp6c_find_entry

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago Remove obsolete prefix class support
Steven Barth [Sun, 12 Apr 2015 07:15:22 +0000 (09:15 +0200)]
Remove obsolete prefix class support

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago Sanitize RA values less
Steven Barth [Fri, 10 Apr 2015 11:31:56 +0000 (13:31 +0200)]
Sanitize RA values less

9 years ago Pass ICMP configuration to user-space instead of directly applying it
Steven Barth [Fri, 10 Apr 2015 11:19:44 +0000 (13:19 +0200)]
Pass ICMP configuration to user-space instead of directly applying it

9 years ago Update README
Steven Barth [Thu, 9 Apr 2015 08:16:02 +0000 (10:16 +0200)]
Update README

9 years ago script: don't resolve AFTR since DNS won't be applied yet anyway
Steven Barth [Thu, 9 Apr 2015 07:51:39 +0000 (09:51 +0200)]
script: don't resolve AFTR since DNS won't be applied yet anyway

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago properly handle return codes
John Crispin [Sat, 28 Mar 2015 16:58:44 +0000 (17:58 +0100)]
properly handle return codes

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years ago ra: use proper struct msghdr initializer to fix build error on musl
Felix Fietkau [Sun, 29 Mar 2015 02:35:17 +0000 (04:35 +0200)]
ra: use proper struct msghdr initializer to fix build error on musl

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years ago make route metric more compatible with linux defaults
Steven Barth [Wed, 25 Mar 2015 18:23:59 +0000 (19:23 +0100)]
make route metric more compatible with linux defaults

9 years ago Get rid of getifaddrs for interface ID detection
Steven Barth [Wed, 11 Mar 2015 09:06:54 +0000 (10:06 +0100)]
Get rid of getifaddrs for interface ID detection

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago Merge pull request #30 from themiron/master
Steven Barth [Tue, 17 Feb 2015 17:43:35 +0000 (18:43 +0100)]
Merge pull request #30 from themiron/master

Fix handling of DHCPv6 replies containing unrequested IA_NA/IA_PD options

9 years ago Fix handling of DHCPv6 replies containing unrequested IA_NA/IA_PD options
Vladislav Grishenko [Tue, 17 Feb 2015 17:28:45 +0000 (22:28 +0500)]
Fix handling of DHCPv6 replies containing unrequested IA_NA/IA_PD options

9 years ago example: prevent script from running in parallel to avoid races
Steven Barth [Tue, 17 Feb 2015 13:41:04 +0000 (14:41 +0100)]
example: prevent script from running in parallel to avoid races

9 years ago set default information refresh time to 86400 as per RFC 4242
Steven Barth [Tue, 13 Jan 2015 08:36:42 +0000 (09:36 +0100)]
set default information refresh time to 86400 as per RFC 4242

9 years ago README: adjust for a bit of feature creep
Steven Barth [Tue, 6 Jan 2015 13:29:47 +0000 (14:29 +0100)]
README: adjust for a bit of feature creep

9 years ago Merge pull request #28 from janakj/master
Steven Barth [Wed, 31 Dec 2014 14:49:47 +0000 (15:49 +0100)]
Merge pull request #28 from janakj/master

Minor help string clarification for client-ID

9 years ago Minor help string clarification for client-ID
Jan Janak [Wed, 31 Dec 2014 14:22:35 +0000 (15:22 +0100)]
Minor help string clarification for client-ID

Document that the value of -c must be a 16-bit type (network byte order) followed by a client-ID value.
For example, to use a UUID based client-ID (type 4, RFC 6355) one could use the following cmdline option:
  -c0004<128_bit_uuid_in_hex>

9 years ago Avoid sending empty DHCPv6 release messages
Steven Barth [Wed, 10 Dec 2014 10:40:40 +0000 (11:40 +0100)]
Avoid sending empty DHCPv6 release messages

9 years ago Don't apply excess filter to DHCPv6 and unify odhcp6c_update_entry
Steven Barth [Wed, 10 Dec 2014 10:38:20 +0000 (11:38 +0100)]
Don't apply excess filter to DHCPv6 and unify odhcp6c_update_entry

9 years ago More compatibility with non RFC-compliant servers
Steven Barth [Sun, 30 Nov 2014 19:25:45 +0000 (20:25 +0100)]
More compatibility with non RFC-compliant servers

Signed-off-by: Steven Barth <steven@midlink.org>
9 years ago Cleanup pidfile-gerneration
Steven Barth [Fri, 28 Nov 2014 09:20:35 +0000 (10:20 +0100)]
Cleanup pidfile-gerneration

9 years ago Be less picky when erroring out due to strange IA status-codes
Steven Barth [Fri, 28 Nov 2014 00:36:44 +0000 (01:36 +0100)]
Be less picky when erroring out due to strange IA status-codes

9 years ago Fix initial delay of SOLICIT message
Steven Barth [Fri, 28 Nov 2014 00:29:59 +0000 (01:29 +0100)]
Fix initial delay of SOLICIT message

Signed-off-by: Steven Barth <steven@midlink.org>
10 years ago Fix msghdr initialization on musl
Steven Barth [Tue, 18 Nov 2014 09:36:06 +0000 (10:36 +0100)]
Fix msghdr initialization on musl

10 years ago Be less verbose by default and add -v flag
Steven Barth [Tue, 18 Nov 2014 09:25:22 +0000 (10:25 +0100)]
Be less verbose by default and add -v flag

10 years ago update cer-id definition
Steven Barth [Thu, 13 Nov 2014 11:54:54 +0000 (12:54 +0100)]
update cer-id definition

10 years ago softwires: avoid unnecessary allocations
Steven Barth [Sat, 25 Oct 2014 10:37:01 +0000 (12:37 +0200)]
softwires: avoid unnecessary allocations

10 years ago Merge pull request #24 from themiron/master
sbyx [Fri, 10 Oct 2014 14:25:10 +0000 (16:25 +0200)]
Merge pull request #24 from themiron/master

Fix parsing empty IA_NA, IA_PD and invalid IA_ADDR options

10 years ago Fix parsing empty IA_NA, IA_PD and invalid IA_ADDR options
Vladislav Grishenko [Fri, 10 Oct 2014 12:18:42 +0000 (18:18 +0600)]
Fix parsing empty IA_NA, IA_PD and invalid IA_ADDR options

10 years ago Merge pull request #23 from dedeckeh/bugfixes
sbyx [Wed, 8 Oct 2014 13:59:44 +0000 (15:59 +0200)]
Merge pull request #23 from dedeckeh/bugfixes

odhcp6c: Set bound state true before script_call in statefull mode

10 years ago odhcp6c: Set bound state true before script_call in statefull mode
Hans Dedecker [Wed, 8 Oct 2014 13:43:21 +0000 (15:43 +0200)]
odhcp6c: Set bound state true before script_call in statefull mode

10 years ago script: don't leak IA_PD / IA_NA if not yet bound
Steven Barth [Wed, 8 Oct 2014 13:02:27 +0000 (15:02 +0200)]
script: don't leak IA_PD / IA_NA if not yet bound

10 years ago Ensure signal-safety of signal handlers
Steven Barth [Wed, 8 Oct 2014 09:57:07 +0000 (11:57 +0200)]
Ensure signal-safety of signal handlers

10 years ago Export DHCPv6 server address to env
Steven Barth [Mon, 6 Oct 2014 08:29:43 +0000 (10:29 +0200)]
Export DHCPv6 server address to env

10 years ago Send RS alternatingly with and without source MAC
Steven Barth [Sat, 27 Sep 2014 16:54:43 +0000 (18:54 +0200)]
Send RS alternatingly with and without source MAC

10 years ago Enable softwire-support by default
Steven Barth [Mon, 25 Aug 2014 06:08:56 +0000 (08:08 +0200)]
Enable softwire-support by default

10 years ago Also test for correct IA-ID for IA_NA
Steven Barth [Fri, 22 Aug 2014 14:09:34 +0000 (16:09 +0200)]
Also test for correct IA-ID for IA_NA

10 years ago ia_na: use big-endian 1 as IAID
Steven Barth [Fri, 22 Aug 2014 14:07:37 +0000 (16:07 +0200)]
ia_na: use big-endian 1 as IAID

10 years ago Remove BFD from master-branch (kept in BFD-branch)
Steven Barth [Wed, 13 Aug 2014 11:30:42 +0000 (13:30 +0200)]
Remove BFD from master-branch (kept in BFD-branch)

10 years ago Send router solicitations with source link-layer address
Steven Barth [Mon, 21 Jul 2014 10:10:38 +0000 (12:10 +0200)]
Send router solicitations with source link-layer address

10 years ago Filter FQDN as well
Steven Barth [Fri, 30 May 2014 14:51:22 +0000 (16:51 +0200)]
Filter FQDN as well

10 years ago Improve filter
Steven Barth [Fri, 30 May 2014 14:49:05 +0000 (16:49 +0200)]
Improve filter

10 years ago filter DNS-domain from passthru
Steven Barth [Fri, 23 May 2014 06:29:34 +0000 (08:29 +0200)]
filter DNS-domain from passthru

10 years ago Add support for DHCPv6 option passthru
Steven Barth [Fri, 23 May 2014 06:15:49 +0000 (08:15 +0200)]
Add support for DHCPv6 option passthru

10 years ago Add MAPE / MAPT / LW4O6 to Readme
Steven Barth [Thu, 8 May 2014 09:12:43 +0000 (11:12 +0200)]
Add MAPE / MAPT / LW4O6 to Readme

10 years ago softwire: fix DMR parsing
Steven Barth [Thu, 8 May 2014 09:06:32 +0000 (11:06 +0200)]
softwire: fix DMR parsing

10 years ago Fix compiler warning
Steven Barth [Wed, 30 Apr 2014 15:49:32 +0000 (17:49 +0200)]
Fix compiler warning

10 years ago MAP: export type value in rules
Steven Barth [Wed, 30 Apr 2014 15:46:02 +0000 (17:46 +0200)]
MAP: export type value in rules

10 years ago Fix MAP parameter parsing
Steven Barth [Wed, 30 Apr 2014 15:39:15 +0000 (17:39 +0200)]
Fix MAP parameter parsing

10 years ago Ignore multiple MAP-E instances for now and output DMR / BR for every rule
Steven Barth [Mon, 28 Apr 2014 17:39:10 +0000 (19:39 +0200)]
Ignore multiple MAP-E instances for now and output DMR / BR for every rule

10 years ago Initial support for MAP & LW4O6 provisioning
Steven Barth [Mon, 28 Apr 2014 09:37:13 +0000 (11:37 +0200)]
Initial support for MAP & LW4O6 provisioning

10 years ago Fix fallout
Steven Barth [Wed, 9 Apr 2014 06:56:01 +0000 (08:56 +0200)]
Fix fallout

10 years ago Revert "Revert to old behaviour regarding information requests"
Steven Barth [Wed, 9 Apr 2014 06:47:53 +0000 (08:47 +0200)]
Revert "Revert to old behaviour regarding information requests"

This reverts commit c98181c4a48c57e405effd1dc9046aaaee6d480f.

10 years ago Merge pull request #19 from dedeckeh/bugfixes
sbyx [Thu, 3 Apr 2014 20:51:09 +0000 (22:51 +0200)]
Merge pull request #19 from dedeckeh/bugfixes

Add user-class option in help text and minor clean up

10 years ago Add user-class option in help text and minor clean up
Hans Dedecker [Wed, 2 Apr 2014 20:30:48 +0000 (22:30 +0200)]
Add user-class option in help text and minor clean up

10 years ago Correctly clear CER
Steven Barth [Tue, 1 Apr 2014 10:07:28 +0000 (12:07 +0200)]
Correctly clear CER

10 years ago Don't disable looping (meh)
Steven Barth [Tue, 1 Apr 2014 09:50:53 +0000 (11:50 +0200)]
Don't disable looping (meh)

10 years ago Add initial support for CER-ID
Steven Barth [Sun, 30 Mar 2014 17:51:56 +0000 (19:51 +0200)]
Add initial support for CER-ID

10 years ago Stop rebinding when all IAs are lost
Steven Barth [Mon, 24 Mar 2014 08:37:36 +0000 (09:37 +0100)]
Stop rebinding when all IAs are lost

10 years ago Fix building with clang 3.4
Steven Barth [Tue, 18 Mar 2014 13:39:22 +0000 (14:39 +0100)]
Fix building with clang 3.4

10 years ago Fix HMAC-MD5 verify in reconfigure
Steven Barth [Tue, 11 Mar 2014 08:18:32 +0000 (09:18 +0100)]
Fix HMAC-MD5 verify in reconfigure

10 years ago fix integer overflow after 50 days (thx Hauke Mehrtens)
Steven Barth [Fri, 7 Mar 2014 09:33:49 +0000 (10:33 +0100)]
fix integer overflow after 50 days (thx Hauke Mehrtens)

10 years ago ra: don't set nd_ra_{reachable,retransmit} to 0
Steven Barth [Wed, 5 Mar 2014 08:11:24 +0000 (09:11 +0100)]
ra: don't set nd_ra_{reachable,retransmit} to 0

10 years ago Set default for min-update-interval to 30
Steven Barth [Wed, 5 Mar 2014 08:06:29 +0000 (09:06 +0100)]
Set default for min-update-interval to 30

10 years ago Merge pull request #18 from kaspar030/rebase
sbyx [Tue, 4 Mar 2014 17:21:04 +0000 (18:21 +0100)]
Merge pull request #18 from kaspar030/rebase

add option to specify minimum interval for accepting RA or DHCP updates.

10 years ago add option to specify minimum interval for accepting RA or DHCP updates.
Kaspar Schleiser [Tue, 4 Mar 2014 15:29:02 +0000 (16:29 +0100)]
add option to specify minimum interval for accepting RA or DHCP updates.

This was fixed to 60s. Add '-m <seconds>' option to change default time.

10 years ago Fix invalid use of open()
Steven Barth [Sat, 1 Mar 2014 12:31:33 +0000 (13:31 +0100)]
Fix invalid use of open()

10 years ago Make hex-string say base-16 encoded in help
Steven Barth [Wed, 19 Feb 2014 08:14:09 +0000 (09:14 +0100)]
Make hex-string say base-16 encoded in help

10 years ago Reintroduce Reconfigure-Accept in Request-Message
Steven Barth [Mon, 17 Feb 2014 20:18:49 +0000 (21:18 +0100)]
Reintroduce Reconfigure-Accept in Request-Message

10 years ago Merge pull request #16 from kaspar030/use_enum_for_iov
sbyx [Wed, 12 Feb 2014 13:51:54 +0000 (14:51 +0100)]
Merge pull request #16 from kaspar030/use_enum_for_iov

use enum to specify order and indexes of iov struct in dhcp_send().

10 years ago use enum to specify order and indexes of iov struct.
Kaspar Schleiser [Wed, 12 Feb 2014 12:48:25 +0000 (13:48 +0100)]
use enum to specify order and indexes of iov struct.

This helps to avoid brainfuck index calculation errors when adding
features.

On my build machine (arch linux x86_64), the stripped binary has exactly
the same size, so this patch should produce the same binary, but
increase code maintainability.

10 years ago Fix fallout from userclass addition
Steven Barth [Thu, 6 Feb 2014 10:08:51 +0000 (11:08 +0100)]
Fix fallout from userclass addition

10 years ago Merge pull request #15 from dedeckeh/bugfixes
sbyx [Thu, 6 Feb 2014 07:05:45 +0000 (08:05 +0100)]
Merge pull request #15 from dedeckeh/bugfixes

Bugfixes