[Bug 3979] udhcpc should filter out malicious hostnames passed in option 0x0c

bugzilla at busybox.net bugzilla at busybox.net
Sun Jun 15 22:19:43 UTC 2014


https://bugs.busybox.net/show_bug.cgi?id=3979

Denys Vlasenko <vda.linux at googlemail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #20 from Denys Vlasenko <vda.linux at googlemail.com> 2014-06-15 22:19:41 UTC ---
(In reply to comment #17)
> Hi,
> 
> > Option 119 is not a string option, it uses "\003foo\004blah\003com\000"
> > encoding (RFC 1035).
> > 
> > > So, following advices to use "right options", we hitting even more problems and incompatibilities in different OS.
> 
> Everywhere in man's it written as "string"...
> 
> > 
> > Because many clients have bugs in handling more recently introduced options.
> > Such is life. Bugs needs to be filed in bugzillas to get them fixed.
> > 
> 
> Here you too optimistic. Nobody bother to fix old stuff, especially on old
> systems...
> 
> > 
> > > Can't provide you with tcpdump yet, but you already know what is there.
> > 
> > I do want tcpdump, because I in fact don't know what _exactly_ is there. For
> > example, trailing dot problem can exist in bbox's DHCP client, udhcpc, and in
> > order to test it, I want to see a real-world example of the packed, instead of
> > assuming what's there.
> 
> Sent you by email.
> 
> Anyway, there is a way, which can be acceptable by all parties:
> 
> if (ch == '\0' || ch == ' ' || ch == '.' )
>                                return label;
> 
> Here you will get domain name in any case + ' ' is not evil + RFC conformant +
> nothing broken.

A better (for some definition of "better") solution
is to make hostname sanitization configurable.

Then you can turn off it and continue to (ab)use wrong option,
whereas security-obsessed people can be happy too.

I committed this change to git:

http://git.busybox.net/busybox/commit/?id=85090c162b322a4ffe53d251e59bbfc212a829ee

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the busybox-cvs mailing list