[Bug 3979] udhcpc should filter out malicious hostnames passed in option 0x0c

bugzilla at busybox.net bugzilla at busybox.net
Wed Apr 16 16:11:07 UTC 2014


--- Comment #10 from danny at mellanox.com 2014-04-16 16:11:07 UTC ---

... SKIP ...

> > search site1.sub.domain sub.domain domain
> > nameserver
> > nameserver
> > nameserver
> This is an abuse of "domain" option to contain a list of search domains
> instead.

It will be abuse if I use "domain" option. But we are not talking about
"domain" here, we are talking about "search" (which is different from domain):

>From http://linux.die.net/man/5/resolv.conf:

domain Local domain name.

    Most queries for names within this domain can use short names relative to
the local domain. If no domain entry is present, the domain is determined from
the local hostname returned by gethostname(2); the domain part is taken to be
everything after the first '.'. Finally, if the hostname does not contain a
domain part, the root domain is assumed. 

search Search list for host-name lookup.

    The search list is normally determined from the local domain name; by
default, it contains only the local domain name. This may be changed by listing
the desired domain search path following the search keyword with spaces or tabs
separating the names. 
                        ... SKIP ...
   The search list is currently limited to six domains with a total of 256

> Despite it being accepted, this config is wrong: it says that your machine
> belongs to
> "siteX.sub.domain sub.domain domain" domain, which is obviously wrong.

It will be wrong if I add them to "domain" option, but it added to "search", so
nothing wrong.


Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the busybox-cvs mailing list