[Bug 3979] udhcpc should filter out malicious hostnames passed in option 0x0c

bugzilla at busybox.net bugzilla at busybox.net
Mon Apr 7 15:07:05 UTC 2014


danny at mellanox.com changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
                 CC|                            |danny at mellanox.com
         Resolution|FIXED                       |

--- Comment #8 from danny at mellanox.com 2014-04-07 15:07:04 UTC ---

Sorry to beat dead horse, but commit 7280d2017d8075267a12e469983e38277dcf0374
effectively broke udhcpc, so now it refuse to work with multiple domains in
"search" line, replacing all of them by single word "bad". 
IMHO, you should not touch DOMAIN_NAME if it not contains really bad
characters. As said earlier - it should not be such anal ;)

Our environment has 5 different sites, and we populating resolv.conf by such
DHCP settings:

option domain-name "siteX.sub.domain sub.domain domain";
option domain-name-servers,,;

Such configuration is happily accepted by all Linux servers (and even Windows),
leaving us with such stuff in /etc/resolv.conf:

search site1.sub.domain sub.domain domain

But now it is not true for installers based on updated busybox - in my case it
is Debian 7.2 x64:

search bad

As possible workaround, I've got recommendations to use such DHCP config (and i
was able to overcome that "bad" stuff):

option domain-name "siteX.sub.domain";
option domain-search "sub.domain","domain";
option domain-name-servers,,;

But such config bring other bad things and incompatibilities:

; generated by /sbin/dhclient-script
search sub.domain. domain. 

Please advice.

Thank you!

Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the busybox-cvs mailing list