1/* $OpenBSD: options.c,v 1.15 2004/12/26 03:17:07 deraadt Exp $ */
2
3/* DHCP options parsing and reassembly. */
4
5/*
6 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of The Internet Software Consortium nor the names
19 * of its contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * This software has been written for the Internet Software Consortium
37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
38 * Enterprises. To learn more about the Internet Software Consortium,
39 * see ``http://www.vix.com/isc''. To learn more about Vixie
40 * Enterprises, see ``http://www.vix.com''.
41 */
42
43#include <sys/cdefs.h>
| 1/* $OpenBSD: options.c,v 1.15 2004/12/26 03:17:07 deraadt Exp $ */
2
3/* DHCP options parsing and reassembly. */
4
5/*
6 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of The Internet Software Consortium nor the names
19 * of its contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * This software has been written for the Internet Software Consortium
37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
38 * Enterprises. To learn more about the Internet Software Consortium,
39 * see ``http://www.vix.com/isc''. To learn more about Vixie
40 * Enterprises, see ``http://www.vix.com''.
41 */
42
43#include <sys/cdefs.h>
|
97}
98
99/*
100 * Parse options out of the specified buffer, storing addresses of
101 * option values in packet->options and setting packet->options_valid if
102 * no errors are encountered.
103 */
104void
105parse_option_buffer(struct packet *packet,
106 unsigned char *buffer, int length)
107{
108 unsigned char *s, *t, *end = buffer + length;
109 int len, code;
110
111 for (s = buffer; *s != DHO_END && s < end; ) {
112 code = s[0];
113
114 /* Pad options don't have a length - just skip them. */
115 if (code == DHO_PAD) {
116 s++;
117 continue;
118 }
119 if (s + 2 > end) {
120 len = 65536;
121 goto bogus;
122 }
123
124 /*
125 * All other fields (except end, see above) have a
126 * one-byte length.
127 */
128 len = s[1];
129
130 /*
131 * If the length is outrageous, silently skip the rest,
132 * and mark the packet bad. Unfortunately some crappy
133 * dhcp servers always seem to give us garbage on the
134 * end of a packet. so rather than keep refusing, give
135 * up and try to take one after seeing a few without
136 * anything good.
137 */
138 if (s + len + 2 > end) {
139 bogus:
140 bad_options++;
141 warning("option %s (%d) %s.",
142 dhcp_options[code].name, len,
143 "larger than buffer");
144 if (bad_options == bad_options_max) {
145 packet->options_valid = 1;
146 bad_options = 0;
147 warning("Many bogus options seen in offers. "
148 "Taking this offer in spite of bogus "
149 "options - hope for the best!");
150 } else {
151 warning("rejecting bogus offer.");
152 packet->options_valid = 0;
153 }
154 return;
155 }
156 /*
157 * If we haven't seen this option before, just make
158 * space for it and copy it there.
159 */
160 if (!packet->options[code].data) {
161 if (!(t = calloc(1, len + 1)))
162 error("Can't allocate storage for option %s.",
163 dhcp_options[code].name);
164 /*
165 * Copy and NUL-terminate the option (in case
166 * it's an ASCII string.
167 */
168 memcpy(t, &s[2], len);
169 t[len] = 0;
170 packet->options[code].len = len;
171 packet->options[code].data = t;
172 } else {
173 /*
174 * If it's a repeat, concatenate it to whatever
175 * we last saw. This is really only required
176 * for clients, but what the heck...
177 */
178 t = calloc(1, len + packet->options[code].len + 1);
179 if (!t)
180 error("Can't expand storage for option %s.",
181 dhcp_options[code].name);
182 memcpy(t, packet->options[code].data,
183 packet->options[code].len);
184 memcpy(t + packet->options[code].len,
185 &s[2], len);
186 packet->options[code].len += len;
187 t[packet->options[code].len] = 0;
188 free(packet->options[code].data);
189 packet->options[code].data = t;
190 }
191 s += len + 2;
192 }
193 packet->options_valid = 1;
194}
195
196/*
| 106}
107
108/*
109 * Parse options out of the specified buffer, storing addresses of
110 * option values in packet->options and setting packet->options_valid if
111 * no errors are encountered.
112 */
113void
114parse_option_buffer(struct packet *packet,
115 unsigned char *buffer, int length)
116{
117 unsigned char *s, *t, *end = buffer + length;
118 int len, code;
119
120 for (s = buffer; *s != DHO_END && s < end; ) {
121 code = s[0];
122
123 /* Pad options don't have a length - just skip them. */
124 if (code == DHO_PAD) {
125 s++;
126 continue;
127 }
128 if (s + 2 > end) {
129 len = 65536;
130 goto bogus;
131 }
132
133 /*
134 * All other fields (except end, see above) have a
135 * one-byte length.
136 */
137 len = s[1];
138
139 /*
140 * If the length is outrageous, silently skip the rest,
141 * and mark the packet bad. Unfortunately some crappy
142 * dhcp servers always seem to give us garbage on the
143 * end of a packet. so rather than keep refusing, give
144 * up and try to take one after seeing a few without
145 * anything good.
146 */
147 if (s + len + 2 > end) {
148 bogus:
149 bad_options++;
150 warning("option %s (%d) %s.",
151 dhcp_options[code].name, len,
152 "larger than buffer");
153 if (bad_options == bad_options_max) {
154 packet->options_valid = 1;
155 bad_options = 0;
156 warning("Many bogus options seen in offers. "
157 "Taking this offer in spite of bogus "
158 "options - hope for the best!");
159 } else {
160 warning("rejecting bogus offer.");
161 packet->options_valid = 0;
162 }
163 return;
164 }
165 /*
166 * If we haven't seen this option before, just make
167 * space for it and copy it there.
168 */
169 if (!packet->options[code].data) {
170 if (!(t = calloc(1, len + 1)))
171 error("Can't allocate storage for option %s.",
172 dhcp_options[code].name);
173 /*
174 * Copy and NUL-terminate the option (in case
175 * it's an ASCII string.
176 */
177 memcpy(t, &s[2], len);
178 t[len] = 0;
179 packet->options[code].len = len;
180 packet->options[code].data = t;
181 } else {
182 /*
183 * If it's a repeat, concatenate it to whatever
184 * we last saw. This is really only required
185 * for clients, but what the heck...
186 */
187 t = calloc(1, len + packet->options[code].len + 1);
188 if (!t)
189 error("Can't expand storage for option %s.",
190 dhcp_options[code].name);
191 memcpy(t, packet->options[code].data,
192 packet->options[code].len);
193 memcpy(t + packet->options[code].len,
194 &s[2], len);
195 packet->options[code].len += len;
196 t[packet->options[code].len] = 0;
197 free(packet->options[code].data);
198 packet->options[code].data = t;
199 }
200 s += len + 2;
201 }
202 packet->options_valid = 1;
203}
204
205/*
|
197 * cons options into a big buffer, and then split them out into the
198 * three separate buffers if needed. This allows us to cons up a set of
199 * vendor options using the same routine.
200 */
201int
202cons_options(struct packet *inpacket, struct dhcp_packet *outpacket,
203 int mms, struct tree_cache **options,
204 int overload, /* Overload flags that may be set. */
205 int terminate, int bootpp, u_int8_t *prl, int prl_len)
206{
207 unsigned char priority_list[300], buffer[4096];
208 int priority_len, main_buffer_size, mainbufix, bufix;
209 int option_size, length;
210
211 /*
212 * If the client has provided a maximum DHCP message size, use
213 * that; otherwise, if it's BOOTP, only 64 bytes; otherwise use
214 * up to the minimum IP MTU size (576 bytes).
215 *
216 * XXX if a BOOTP client specifies a max message size, we will
217 * honor it.
218 */
219 if (!mms &&
220 inpacket &&
221 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data &&
222 (inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].len >=
223 sizeof(u_int16_t)))
224 mms = getUShort(
225 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data);
226
227 if (mms)
228 main_buffer_size = mms - DHCP_FIXED_LEN;
229 else if (bootpp)
230 main_buffer_size = 64;
231 else
232 main_buffer_size = 576 - DHCP_FIXED_LEN;
233
234 if (main_buffer_size > sizeof(buffer))
235 main_buffer_size = sizeof(buffer);
236
237 /* Preload the option priority list with mandatory options. */
238 priority_len = 0;
239 priority_list[priority_len++] = DHO_DHCP_MESSAGE_TYPE;
240 priority_list[priority_len++] = DHO_DHCP_SERVER_IDENTIFIER;
241 priority_list[priority_len++] = DHO_DHCP_LEASE_TIME;
242 priority_list[priority_len++] = DHO_DHCP_MESSAGE;
243
244 /*
245 * If the client has provided a list of options that it wishes
246 * returned, use it to prioritize. Otherwise, prioritize based
247 * on the default priority list.
248 */
249 if (inpacket &&
250 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data) {
251 int prlen =
252 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].len;
253 if (prlen + priority_len > sizeof(priority_list))
254 prlen = sizeof(priority_list) - priority_len;
255
256 memcpy(&priority_list[priority_len],
257 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data,
258 prlen);
259 priority_len += prlen;
260 prl = priority_list;
261 } else if (prl) {
262 if (prl_len + priority_len > sizeof(priority_list))
263 prl_len = sizeof(priority_list) - priority_len;
264
265 memcpy(&priority_list[priority_len], prl, prl_len);
266 priority_len += prl_len;
267 prl = priority_list;
268 } else {
269 memcpy(&priority_list[priority_len],
270 dhcp_option_default_priority_list,
271 sizeof_dhcp_option_default_priority_list);
272 priority_len += sizeof_dhcp_option_default_priority_list;
273 }
274
275 /* Copy the options into the big buffer... */
276 option_size = store_options(
277 buffer,
278 (main_buffer_size - 7 + ((overload & 1) ? DHCP_FILE_LEN : 0) +
279 ((overload & 2) ? DHCP_SNAME_LEN : 0)),
280 options, priority_list, priority_len, main_buffer_size,
281 (main_buffer_size + ((overload & 1) ? DHCP_FILE_LEN : 0)),
282 terminate);
283
284 /* Put the cookie up front... */
285 memcpy(outpacket->options, DHCP_OPTIONS_COOKIE, 4);
286 mainbufix = 4;
287
288 /*
289 * If we're going to have to overload, store the overload option
290 * at the beginning. If we can, though, just store the whole
291 * thing in the packet's option buffer and leave it at that.
292 */
293 if (option_size <= main_buffer_size - mainbufix) {
294 memcpy(&outpacket->options[mainbufix],
295 buffer, option_size);
296 mainbufix += option_size;
297 if (mainbufix < main_buffer_size)
298 outpacket->options[mainbufix++] = DHO_END;
299 length = DHCP_FIXED_NON_UDP + mainbufix;
300 } else {
301 outpacket->options[mainbufix++] = DHO_DHCP_OPTION_OVERLOAD;
302 outpacket->options[mainbufix++] = 1;
303 if (option_size >
304 main_buffer_size - mainbufix + DHCP_FILE_LEN)
305 outpacket->options[mainbufix++] = 3;
306 else
307 outpacket->options[mainbufix++] = 1;
308
309 memcpy(&outpacket->options[mainbufix],
310 buffer, main_buffer_size - mainbufix);
311 bufix = main_buffer_size - mainbufix;
312 length = DHCP_FIXED_NON_UDP + mainbufix;
313 if (overload & 1) {
314 if (option_size - bufix <= DHCP_FILE_LEN) {
315 memcpy(outpacket->file,
316 &buffer[bufix], option_size - bufix);
317 mainbufix = option_size - bufix;
318 if (mainbufix < DHCP_FILE_LEN)
319 outpacket->file[mainbufix++] = (char)DHO_END;
320 while (mainbufix < DHCP_FILE_LEN)
321 outpacket->file[mainbufix++] = (char)DHO_PAD;
322 } else {
323 memcpy(outpacket->file,
324 &buffer[bufix], DHCP_FILE_LEN);
325 bufix += DHCP_FILE_LEN;
326 }
327 }
328 if ((overload & 2) && option_size < bufix) {
329 memcpy(outpacket->sname,
330 &buffer[bufix], option_size - bufix);
331
332 mainbufix = option_size - bufix;
333 if (mainbufix < DHCP_SNAME_LEN)
334 outpacket->file[mainbufix++] = (char)DHO_END;
335 while (mainbufix < DHCP_SNAME_LEN)
336 outpacket->file[mainbufix++] = (char)DHO_PAD;
337 }
338 }
339 return (length);
340}
341
342/*
343 * Store all the requested options into the requested buffer.
344 */
345int
346store_options(unsigned char *buffer, int buflen, struct tree_cache **options,
347 unsigned char *priority_list, int priority_len, int first_cutoff,
348 int second_cutoff, int terminate)
349{
350 int bufix = 0, option_stored[256], i, ix, tto;
351
352 /* Zero out the stored-lengths array. */
353 memset(option_stored, 0, sizeof(option_stored));
354
355 /*
356 * Copy out the options in the order that they appear in the
357 * priority list...
358 */
359 for (i = 0; i < priority_len; i++) {
360 /* Code for next option to try to store. */
361 int code = priority_list[i];
362 int optstart;
363
364 /*
365 * Number of bytes left to store (some may already have
366 * been stored by a previous pass).
367 */
368 int length;
369
370 /* If no data is available for this option, skip it. */
371 if (!options[code]) {
372 continue;
373 }
374
375 /*
376 * The client could ask for things that are mandatory,
377 * in which case we should avoid storing them twice...
378 */
379 if (option_stored[code])
380 continue;
381 option_stored[code] = 1;
382
383 /* We should now have a constant length for the option. */
384 length = options[code]->len;
385
386 /* Do we add a NUL? */
387 if (terminate && dhcp_options[code].format[0] == 't') {
388 length++;
389 tto = 1;
390 } else
391 tto = 0;
392
393 /* Try to store the option. */
394
395 /*
396 * If the option's length is more than 255, we must
397 * store it in multiple hunks. Store 255-byte hunks
398 * first. However, in any case, if the option data will
399 * cross a buffer boundary, split it across that
400 * boundary.
401 */
402 ix = 0;
403
404 optstart = bufix;
405 while (length) {
406 unsigned char incr = length > 255 ? 255 : length;
407
408 /*
409 * If this hunk of the buffer will cross a
410 * boundary, only go up to the boundary in this
411 * pass.
412 */
413 if (bufix < first_cutoff &&
414 bufix + incr > first_cutoff)
415 incr = first_cutoff - bufix;
416 else if (bufix < second_cutoff &&
417 bufix + incr > second_cutoff)
418 incr = second_cutoff - bufix;
419
420 /*
421 * If this option is going to overflow the
422 * buffer, skip it.
423 */
424 if (bufix + 2 + incr > buflen) {
425 bufix = optstart;
426 break;
427 }
428
429 /* Everything looks good - copy it in! */
430 buffer[bufix] = code;
431 buffer[bufix + 1] = incr;
432 if (tto && incr == length) {
433 memcpy(buffer + bufix + 2,
434 options[code]->value + ix, incr - 1);
435 buffer[bufix + 2 + incr - 1] = 0;
436 } else
437 memcpy(buffer + bufix + 2,
438 options[code]->value + ix, incr);
439 length -= incr;
440 ix += incr;
441 bufix += 2 + incr;
442 }
443 }
444 return (bufix);
445}
446
447/*
448 * Format the specified option so that a human can easily read it.
449 */
450char *
451pretty_print_option(unsigned int code, unsigned char *data, int len,
452 int emit_commas, int emit_quotes)
453{
454 static char optbuf[32768]; /* XXX */
455 int hunksize = 0, numhunk = -1, numelem = 0;
456 char fmtbuf[32], *op = optbuf;
457 int i, j, k, opleft = sizeof(optbuf);
458 unsigned char *dp = data;
459 struct in_addr foo;
460 char comma;
461
462 /* Code should be between 0 and 255. */
463 if (code > 255)
464 error("pretty_print_option: bad code %d", code);
465
466 if (emit_commas)
467 comma = ',';
468 else
469 comma = ' ';
470
471 /* Figure out the size of the data. */
472 for (i = 0; dhcp_options[code].format[i]; i++) {
473 if (!numhunk) {
474 warning("%s: Excess information in format string: %s",
475 dhcp_options[code].name,
476 &(dhcp_options[code].format[i]));
477 break;
478 }
479 numelem++;
480 fmtbuf[i] = dhcp_options[code].format[i];
481 switch (dhcp_options[code].format[i]) {
482 case 'A':
483 --numelem;
484 fmtbuf[i] = 0;
485 numhunk = 0;
486 break;
487 case 'X':
488 for (k = 0; k < len; k++)
489 if (!isascii(data[k]) ||
490 !isprint(data[k]))
491 break;
492 if (k == len) {
493 fmtbuf[i] = 't';
494 numhunk = -2;
495 } else {
496 fmtbuf[i] = 'x';
497 hunksize++;
498 comma = ':';
499 numhunk = 0;
500 }
501 fmtbuf[i + 1] = 0;
502 break;
503 case 't':
504 fmtbuf[i] = 't';
505 fmtbuf[i + 1] = 0;
506 numhunk = -2;
507 break;
508 case 'I':
509 case 'l':
510 case 'L':
511 hunksize += 4;
512 break;
513 case 's':
514 case 'S':
515 hunksize += 2;
516 break;
517 case 'b':
518 case 'B':
519 case 'f':
520 hunksize++;
521 break;
522 case 'e':
523 break;
524 default:
525 warning("%s: garbage in format string: %s",
526 dhcp_options[code].name,
527 &(dhcp_options[code].format[i]));
528 break;
529 }
530 }
531
532 /* Check for too few bytes... */
533 if (hunksize > len) {
534 warning("%s: expecting at least %d bytes; got %d",
535 dhcp_options[code].name, hunksize, len);
536 return ("<error>");
537 }
538 /* Check for too many bytes... */
539 if (numhunk == -1 && hunksize < len)
540 warning("%s: %d extra bytes",
541 dhcp_options[code].name, len - hunksize);
542
543 /* If this is an array, compute its size. */
544 if (!numhunk)
545 numhunk = len / hunksize;
546 /* See if we got an exact number of hunks. */
547 if (numhunk > 0 && numhunk * hunksize < len)
548 warning("%s: %d extra bytes at end of array",
549 dhcp_options[code].name, len - numhunk * hunksize);
550
551 /* A one-hunk array prints the same as a single hunk. */
552 if (numhunk < 0)
553 numhunk = 1;
554
555 /* Cycle through the array (or hunk) printing the data. */
556 for (i = 0; i < numhunk; i++) {
557 for (j = 0; j < numelem; j++) {
558 int opcount;
559 switch (fmtbuf[j]) {
560 case 't':
561 if (emit_quotes) {
562 *op++ = '"';
563 opleft--;
564 }
565 for (; dp < data + len; dp++) {
566 if (!isascii(*dp) ||
567 !isprint(*dp)) {
568 if (dp + 1 != data + len ||
569 *dp != 0) {
570 snprintf(op, opleft,
571 "\\%03o", *dp);
572 op += 4;
573 opleft -= 4;
574 }
575 } else if (*dp == '"' ||
576 *dp == '\'' ||
577 *dp == '$' ||
578 *dp == '`' ||
579 *dp == '\\') {
580 *op++ = '\\';
581 *op++ = *dp;
582 opleft -= 2;
583 } else {
584 *op++ = *dp;
585 opleft--;
586 }
587 }
588 if (emit_quotes) {
589 *op++ = '"';
590 opleft--;
591 }
592
593 *op = 0;
594 break;
595 case 'I':
596 foo.s_addr = htonl(getULong(dp));
597 opcount = strlcpy(op, inet_ntoa(foo), opleft);
598 if (opcount >= opleft)
599 goto toobig;
600 opleft -= opcount;
601 dp += 4;
602 break;
603 case 'l':
604 opcount = snprintf(op, opleft, "%ld",
605 (long)getLong(dp));
606 if (opcount >= opleft || opcount == -1)
607 goto toobig;
608 opleft -= opcount;
609 dp += 4;
610 break;
611 case 'L':
612 opcount = snprintf(op, opleft, "%ld",
613 (unsigned long)getULong(dp));
614 if (opcount >= opleft || opcount == -1)
615 goto toobig;
616 opleft -= opcount;
617 dp += 4;
618 break;
619 case 's':
620 opcount = snprintf(op, opleft, "%d",
621 getShort(dp));
622 if (opcount >= opleft || opcount == -1)
623 goto toobig;
624 opleft -= opcount;
625 dp += 2;
626 break;
627 case 'S':
628 opcount = snprintf(op, opleft, "%d",
629 getUShort(dp));
630 if (opcount >= opleft || opcount == -1)
631 goto toobig;
632 opleft -= opcount;
633 dp += 2;
634 break;
635 case 'b':
636 opcount = snprintf(op, opleft, "%d",
637 *(char *)dp++);
638 if (opcount >= opleft || opcount == -1)
639 goto toobig;
640 opleft -= opcount;
641 break;
642 case 'B':
643 opcount = snprintf(op, opleft, "%d", *dp++);
644 if (opcount >= opleft || opcount == -1)
645 goto toobig;
646 opleft -= opcount;
647 break;
648 case 'x':
649 opcount = snprintf(op, opleft, "%x", *dp++);
650 if (opcount >= opleft || opcount == -1)
651 goto toobig;
652 opleft -= opcount;
653 break;
654 case 'f':
655 opcount = strlcpy(op,
656 *dp++ ? "true" : "false", opleft);
657 if (opcount >= opleft)
658 goto toobig;
659 opleft -= opcount;
660 break;
661 default:
662 warning("Unexpected format code %c", fmtbuf[j]);
663 }
664 op += strlen(op);
665 opleft -= strlen(op);
666 if (opleft < 1)
667 goto toobig;
668 if (j + 1 < numelem && comma != ':') {
669 *op++ = ' ';
670 opleft--;
671 }
672 }
673 if (i + 1 < numhunk) {
674 *op++ = comma;
675 opleft--;
676 }
677 if (opleft < 1)
678 goto toobig;
679
680 }
681 return (optbuf);
682 toobig:
683 warning("dhcp option too large");
684 return ("<error>");
685}
686
687void
688do_packet(struct interface_info *interface, struct dhcp_packet *packet,
689 int len, unsigned int from_port, struct iaddr from, struct hardware *hfrom)
690{
691 struct packet tp;
692 int i;
693
694 if (packet->hlen > sizeof(packet->chaddr)) {
695 note("Discarding packet with invalid hlen.");
696 return;
697 }
698
699 memset(&tp, 0, sizeof(tp));
700 tp.raw = packet;
701 tp.packet_length = len;
702 tp.client_port = from_port;
703 tp.client_addr = from;
704 tp.interface = interface;
705 tp.haddr = hfrom;
706
707 parse_options(&tp);
708 if (tp.options_valid &&
709 tp.options[DHO_DHCP_MESSAGE_TYPE].data)
710 tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0];
711 if (tp.packet_type)
712 dhcp(&tp);
713 else
714 bootp(&tp);
715
716 /* Free the data associated with the options. */
717 for (i = 0; i < 256; i++)
718 if (tp.options[i].len && tp.options[i].data)
719 free(tp.options[i].data);
720}
| 363 * cons options into a big buffer, and then split them out into the
364 * three separate buffers if needed. This allows us to cons up a set of
365 * vendor options using the same routine.
366 */
367int
368cons_options(struct packet *inpacket, struct dhcp_packet *outpacket,
369 int mms, struct tree_cache **options,
370 int overload, /* Overload flags that may be set. */
371 int terminate, int bootpp, u_int8_t *prl, int prl_len)
372{
373 unsigned char priority_list[300], buffer[4096];
374 int priority_len, main_buffer_size, mainbufix, bufix;
375 int option_size, length;
376
377 /*
378 * If the client has provided a maximum DHCP message size, use
379 * that; otherwise, if it's BOOTP, only 64 bytes; otherwise use
380 * up to the minimum IP MTU size (576 bytes).
381 *
382 * XXX if a BOOTP client specifies a max message size, we will
383 * honor it.
384 */
385 if (!mms &&
386 inpacket &&
387 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data &&
388 (inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].len >=
389 sizeof(u_int16_t)))
390 mms = getUShort(
391 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data);
392
393 if (mms)
394 main_buffer_size = mms - DHCP_FIXED_LEN;
395 else if (bootpp)
396 main_buffer_size = 64;
397 else
398 main_buffer_size = 576 - DHCP_FIXED_LEN;
399
400 if (main_buffer_size > sizeof(buffer))
401 main_buffer_size = sizeof(buffer);
402
403 /* Preload the option priority list with mandatory options. */
404 priority_len = 0;
405 priority_list[priority_len++] = DHO_DHCP_MESSAGE_TYPE;
406 priority_list[priority_len++] = DHO_DHCP_SERVER_IDENTIFIER;
407 priority_list[priority_len++] = DHO_DHCP_LEASE_TIME;
408 priority_list[priority_len++] = DHO_DHCP_MESSAGE;
409
410 /*
411 * If the client has provided a list of options that it wishes
412 * returned, use it to prioritize. Otherwise, prioritize based
413 * on the default priority list.
414 */
415 if (inpacket &&
416 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data) {
417 int prlen =
418 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].len;
419 if (prlen + priority_len > sizeof(priority_list))
420 prlen = sizeof(priority_list) - priority_len;
421
422 memcpy(&priority_list[priority_len],
423 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data,
424 prlen);
425 priority_len += prlen;
426 prl = priority_list;
427 } else if (prl) {
428 if (prl_len + priority_len > sizeof(priority_list))
429 prl_len = sizeof(priority_list) - priority_len;
430
431 memcpy(&priority_list[priority_len], prl, prl_len);
432 priority_len += prl_len;
433 prl = priority_list;
434 } else {
435 memcpy(&priority_list[priority_len],
436 dhcp_option_default_priority_list,
437 sizeof_dhcp_option_default_priority_list);
438 priority_len += sizeof_dhcp_option_default_priority_list;
439 }
440
441 /* Copy the options into the big buffer... */
442 option_size = store_options(
443 buffer,
444 (main_buffer_size - 7 + ((overload & 1) ? DHCP_FILE_LEN : 0) +
445 ((overload & 2) ? DHCP_SNAME_LEN : 0)),
446 options, priority_list, priority_len, main_buffer_size,
447 (main_buffer_size + ((overload & 1) ? DHCP_FILE_LEN : 0)),
448 terminate);
449
450 /* Put the cookie up front... */
451 memcpy(outpacket->options, DHCP_OPTIONS_COOKIE, 4);
452 mainbufix = 4;
453
454 /*
455 * If we're going to have to overload, store the overload option
456 * at the beginning. If we can, though, just store the whole
457 * thing in the packet's option buffer and leave it at that.
458 */
459 if (option_size <= main_buffer_size - mainbufix) {
460 memcpy(&outpacket->options[mainbufix],
461 buffer, option_size);
462 mainbufix += option_size;
463 if (mainbufix < main_buffer_size)
464 outpacket->options[mainbufix++] = DHO_END;
465 length = DHCP_FIXED_NON_UDP + mainbufix;
466 } else {
467 outpacket->options[mainbufix++] = DHO_DHCP_OPTION_OVERLOAD;
468 outpacket->options[mainbufix++] = 1;
469 if (option_size >
470 main_buffer_size - mainbufix + DHCP_FILE_LEN)
471 outpacket->options[mainbufix++] = 3;
472 else
473 outpacket->options[mainbufix++] = 1;
474
475 memcpy(&outpacket->options[mainbufix],
476 buffer, main_buffer_size - mainbufix);
477 bufix = main_buffer_size - mainbufix;
478 length = DHCP_FIXED_NON_UDP + mainbufix;
479 if (overload & 1) {
480 if (option_size - bufix <= DHCP_FILE_LEN) {
481 memcpy(outpacket->file,
482 &buffer[bufix], option_size - bufix);
483 mainbufix = option_size - bufix;
484 if (mainbufix < DHCP_FILE_LEN)
485 outpacket->file[mainbufix++] = (char)DHO_END;
486 while (mainbufix < DHCP_FILE_LEN)
487 outpacket->file[mainbufix++] = (char)DHO_PAD;
488 } else {
489 memcpy(outpacket->file,
490 &buffer[bufix], DHCP_FILE_LEN);
491 bufix += DHCP_FILE_LEN;
492 }
493 }
494 if ((overload & 2) && option_size < bufix) {
495 memcpy(outpacket->sname,
496 &buffer[bufix], option_size - bufix);
497
498 mainbufix = option_size - bufix;
499 if (mainbufix < DHCP_SNAME_LEN)
500 outpacket->file[mainbufix++] = (char)DHO_END;
501 while (mainbufix < DHCP_SNAME_LEN)
502 outpacket->file[mainbufix++] = (char)DHO_PAD;
503 }
504 }
505 return (length);
506}
507
508/*
509 * Store all the requested options into the requested buffer.
510 */
511int
512store_options(unsigned char *buffer, int buflen, struct tree_cache **options,
513 unsigned char *priority_list, int priority_len, int first_cutoff,
514 int second_cutoff, int terminate)
515{
516 int bufix = 0, option_stored[256], i, ix, tto;
517
518 /* Zero out the stored-lengths array. */
519 memset(option_stored, 0, sizeof(option_stored));
520
521 /*
522 * Copy out the options in the order that they appear in the
523 * priority list...
524 */
525 for (i = 0; i < priority_len; i++) {
526 /* Code for next option to try to store. */
527 int code = priority_list[i];
528 int optstart;
529
530 /*
531 * Number of bytes left to store (some may already have
532 * been stored by a previous pass).
533 */
534 int length;
535
536 /* If no data is available for this option, skip it. */
537 if (!options[code]) {
538 continue;
539 }
540
541 /*
542 * The client could ask for things that are mandatory,
543 * in which case we should avoid storing them twice...
544 */
545 if (option_stored[code])
546 continue;
547 option_stored[code] = 1;
548
549 /* We should now have a constant length for the option. */
550 length = options[code]->len;
551
552 /* Do we add a NUL? */
553 if (terminate && dhcp_options[code].format[0] == 't') {
554 length++;
555 tto = 1;
556 } else
557 tto = 0;
558
559 /* Try to store the option. */
560
561 /*
562 * If the option's length is more than 255, we must
563 * store it in multiple hunks. Store 255-byte hunks
564 * first. However, in any case, if the option data will
565 * cross a buffer boundary, split it across that
566 * boundary.
567 */
568 ix = 0;
569
570 optstart = bufix;
571 while (length) {
572 unsigned char incr = length > 255 ? 255 : length;
573
574 /*
575 * If this hunk of the buffer will cross a
576 * boundary, only go up to the boundary in this
577 * pass.
578 */
579 if (bufix < first_cutoff &&
580 bufix + incr > first_cutoff)
581 incr = first_cutoff - bufix;
582 else if (bufix < second_cutoff &&
583 bufix + incr > second_cutoff)
584 incr = second_cutoff - bufix;
585
586 /*
587 * If this option is going to overflow the
588 * buffer, skip it.
589 */
590 if (bufix + 2 + incr > buflen) {
591 bufix = optstart;
592 break;
593 }
594
595 /* Everything looks good - copy it in! */
596 buffer[bufix] = code;
597 buffer[bufix + 1] = incr;
598 if (tto && incr == length) {
599 memcpy(buffer + bufix + 2,
600 options[code]->value + ix, incr - 1);
601 buffer[bufix + 2 + incr - 1] = 0;
602 } else
603 memcpy(buffer + bufix + 2,
604 options[code]->value + ix, incr);
605 length -= incr;
606 ix += incr;
607 bufix += 2 + incr;
608 }
609 }
610 return (bufix);
611}
612
613/*
614 * Format the specified option so that a human can easily read it.
615 */
616char *
617pretty_print_option(unsigned int code, unsigned char *data, int len,
618 int emit_commas, int emit_quotes)
619{
620 static char optbuf[32768]; /* XXX */
621 int hunksize = 0, numhunk = -1, numelem = 0;
622 char fmtbuf[32], *op = optbuf;
623 int i, j, k, opleft = sizeof(optbuf);
624 unsigned char *dp = data;
625 struct in_addr foo;
626 char comma;
627
628 /* Code should be between 0 and 255. */
629 if (code > 255)
630 error("pretty_print_option: bad code %d", code);
631
632 if (emit_commas)
633 comma = ',';
634 else
635 comma = ' ';
636
637 /* Figure out the size of the data. */
638 for (i = 0; dhcp_options[code].format[i]; i++) {
639 if (!numhunk) {
640 warning("%s: Excess information in format string: %s",
641 dhcp_options[code].name,
642 &(dhcp_options[code].format[i]));
643 break;
644 }
645 numelem++;
646 fmtbuf[i] = dhcp_options[code].format[i];
647 switch (dhcp_options[code].format[i]) {
648 case 'A':
649 --numelem;
650 fmtbuf[i] = 0;
651 numhunk = 0;
652 break;
653 case 'X':
654 for (k = 0; k < len; k++)
655 if (!isascii(data[k]) ||
656 !isprint(data[k]))
657 break;
658 if (k == len) {
659 fmtbuf[i] = 't';
660 numhunk = -2;
661 } else {
662 fmtbuf[i] = 'x';
663 hunksize++;
664 comma = ':';
665 numhunk = 0;
666 }
667 fmtbuf[i + 1] = 0;
668 break;
669 case 't':
670 fmtbuf[i] = 't';
671 fmtbuf[i + 1] = 0;
672 numhunk = -2;
673 break;
674 case 'I':
675 case 'l':
676 case 'L':
677 hunksize += 4;
678 break;
679 case 's':
680 case 'S':
681 hunksize += 2;
682 break;
683 case 'b':
684 case 'B':
685 case 'f':
686 hunksize++;
687 break;
688 case 'e':
689 break;
690 default:
691 warning("%s: garbage in format string: %s",
692 dhcp_options[code].name,
693 &(dhcp_options[code].format[i]));
694 break;
695 }
696 }
697
698 /* Check for too few bytes... */
699 if (hunksize > len) {
700 warning("%s: expecting at least %d bytes; got %d",
701 dhcp_options[code].name, hunksize, len);
702 return ("<error>");
703 }
704 /* Check for too many bytes... */
705 if (numhunk == -1 && hunksize < len)
706 warning("%s: %d extra bytes",
707 dhcp_options[code].name, len - hunksize);
708
709 /* If this is an array, compute its size. */
710 if (!numhunk)
711 numhunk = len / hunksize;
712 /* See if we got an exact number of hunks. */
713 if (numhunk > 0 && numhunk * hunksize < len)
714 warning("%s: %d extra bytes at end of array",
715 dhcp_options[code].name, len - numhunk * hunksize);
716
717 /* A one-hunk array prints the same as a single hunk. */
718 if (numhunk < 0)
719 numhunk = 1;
720
721 /* Cycle through the array (or hunk) printing the data. */
722 for (i = 0; i < numhunk; i++) {
723 for (j = 0; j < numelem; j++) {
724 int opcount;
725 switch (fmtbuf[j]) {
726 case 't':
727 if (emit_quotes) {
728 *op++ = '"';
729 opleft--;
730 }
731 for (; dp < data + len; dp++) {
732 if (!isascii(*dp) ||
733 !isprint(*dp)) {
734 if (dp + 1 != data + len ||
735 *dp != 0) {
736 snprintf(op, opleft,
737 "\\%03o", *dp);
738 op += 4;
739 opleft -= 4;
740 }
741 } else if (*dp == '"' ||
742 *dp == '\'' ||
743 *dp == '$' ||
744 *dp == '`' ||
745 *dp == '\\') {
746 *op++ = '\\';
747 *op++ = *dp;
748 opleft -= 2;
749 } else {
750 *op++ = *dp;
751 opleft--;
752 }
753 }
754 if (emit_quotes) {
755 *op++ = '"';
756 opleft--;
757 }
758
759 *op = 0;
760 break;
761 case 'I':
762 foo.s_addr = htonl(getULong(dp));
763 opcount = strlcpy(op, inet_ntoa(foo), opleft);
764 if (opcount >= opleft)
765 goto toobig;
766 opleft -= opcount;
767 dp += 4;
768 break;
769 case 'l':
770 opcount = snprintf(op, opleft, "%ld",
771 (long)getLong(dp));
772 if (opcount >= opleft || opcount == -1)
773 goto toobig;
774 opleft -= opcount;
775 dp += 4;
776 break;
777 case 'L':
778 opcount = snprintf(op, opleft, "%ld",
779 (unsigned long)getULong(dp));
780 if (opcount >= opleft || opcount == -1)
781 goto toobig;
782 opleft -= opcount;
783 dp += 4;
784 break;
785 case 's':
786 opcount = snprintf(op, opleft, "%d",
787 getShort(dp));
788 if (opcount >= opleft || opcount == -1)
789 goto toobig;
790 opleft -= opcount;
791 dp += 2;
792 break;
793 case 'S':
794 opcount = snprintf(op, opleft, "%d",
795 getUShort(dp));
796 if (opcount >= opleft || opcount == -1)
797 goto toobig;
798 opleft -= opcount;
799 dp += 2;
800 break;
801 case 'b':
802 opcount = snprintf(op, opleft, "%d",
803 *(char *)dp++);
804 if (opcount >= opleft || opcount == -1)
805 goto toobig;
806 opleft -= opcount;
807 break;
808 case 'B':
809 opcount = snprintf(op, opleft, "%d", *dp++);
810 if (opcount >= opleft || opcount == -1)
811 goto toobig;
812 opleft -= opcount;
813 break;
814 case 'x':
815 opcount = snprintf(op, opleft, "%x", *dp++);
816 if (opcount >= opleft || opcount == -1)
817 goto toobig;
818 opleft -= opcount;
819 break;
820 case 'f':
821 opcount = strlcpy(op,
822 *dp++ ? "true" : "false", opleft);
823 if (opcount >= opleft)
824 goto toobig;
825 opleft -= opcount;
826 break;
827 default:
828 warning("Unexpected format code %c", fmtbuf[j]);
829 }
830 op += strlen(op);
831 opleft -= strlen(op);
832 if (opleft < 1)
833 goto toobig;
834 if (j + 1 < numelem && comma != ':') {
835 *op++ = ' ';
836 opleft--;
837 }
838 }
839 if (i + 1 < numhunk) {
840 *op++ = comma;
841 opleft--;
842 }
843 if (opleft < 1)
844 goto toobig;
845
846 }
847 return (optbuf);
848 toobig:
849 warning("dhcp option too large");
850 return ("<error>");
851}
852
853void
854do_packet(struct interface_info *interface, struct dhcp_packet *packet,
855 int len, unsigned int from_port, struct iaddr from, struct hardware *hfrom)
856{
857 struct packet tp;
858 int i;
859
860 if (packet->hlen > sizeof(packet->chaddr)) {
861 note("Discarding packet with invalid hlen.");
862 return;
863 }
864
865 memset(&tp, 0, sizeof(tp));
866 tp.raw = packet;
867 tp.packet_length = len;
868 tp.client_port = from_port;
869 tp.client_addr = from;
870 tp.interface = interface;
871 tp.haddr = hfrom;
872
873 parse_options(&tp);
874 if (tp.options_valid &&
875 tp.options[DHO_DHCP_MESSAGE_TYPE].data)
876 tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0];
877 if (tp.packet_type)
878 dhcp(&tp);
879 else
880 bootp(&tp);
881
882 /* Free the data associated with the options. */
883 for (i = 0; i < 256; i++)
884 if (tp.options[i].len && tp.options[i].data)
885 free(tp.options[i].data);
886}
|