[Bug 3979] udhcpc should filter out malicious hostnames passed in option 0x0c
bugzilla at busybox.net
bugzilla at busybox.net
Fri Jul 15 10:14:55 UTC 2011
https://bugs.busybox.net/show_bug.cgi?id=3979
--- Comment #1 from Denys Vlasenko <vda.linux at googlemail.com> ---
We don't need to be particularly anal. For example, allowing _, hyphen at the
end, or leading and trailing dots would be ok, since it can't be used for
attacks. (Leading hyphen can be, if someone uses
cmd "$hostname"
in the script: then hostname may be treated as an option)
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list