[Bug 3979] udhcpc should filter out malicious hostnames passed in option 0x0c

bugzilla at busybox.net bugzilla at busybox.net
Fri Jul 15 10:14:55 UTC 2011


--- Comment #1 from Denys Vlasenko <vda.linux at googlemail.com>  ---
We don't need to be particularly anal. For example, allowing _, hyphen at the
end, or leading and trailing dots would be ok, since it can't be used for
attacks. (Leading hyphen can be, if someone uses

cmd "$hostname"

in the script: then hostname may be treated as an option)

Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the busybox-cvs mailing list