[Bug 3979] udhcpc should filter out malicious hostnames passed in option 0x0c

bugzilla at busybox.net
Wed Apr 16 17:39:58 UTC 2014


--- Comment #11 from Denys Vlasenko <vda.linux at googlemail.com> 2014-04-16 17:39:57 UTC ---
(In reply to comment #10)
> > > search site1.sub.domain sub.domain domain
> > > nameserver
> > > nameserver
> > > nameserver
> > 
> > This is an abuse of "domain" option to contain a list of search domains
> > instead.
> It will be abuse if I use "domain" option. But we are not talking about
> "domain" here, we are talking about "search" (which is different from domain):
> From http://linux.die.net/man/5/resolv.conf:

No, we are not talking about "search".

DHCP options do not match one-to-one to resolv.conf directives.
DHCP protocol per se knows nothing about resolv.conf.

If your DHCP server has been configured to use "option domain-name "SOMETHING";",
it is clear it will send packets with DHCP option 15 (or 0x0f, if you prefer).

http://www.networksorcery.com/enp/rfc/rfc2132.txt says this about option 15:

3.17. Domain Name

   This option specifies the domain name that client should use when
   resolving hostnames via the Domain Name System.

   The code for this option is 15.  Its minimum length is 1.

RFC does not allow _a list of domains_ there. Only one domain.

> It will be wrong if I add them to "domain" option, but it added to "search", so nothing wrong.

You should not use option 15 to pass a list of search domains, otherwise you
can discover that tools which are RFC-2132 compliant won't agree to process it.

There are options which are intended to pass lists of search domains. Use

Please attach your /sbin/dhclient-script and tcpdump capture of DHCP reply
packet which carries the data.


More information about the busybox-cvs mailing list