projects / platform / kernel / u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8295332)
net: reject Bootp/DHCP packets with bad OP value
authorStefan Brüns <stefan.bruens@rwth-aachen.de>
Thu, 27 Aug 2015 21:53:26 +0000 (23:53 +0200)
committerJoe Hershberger <joe.hershberger@ni.com>
Wed, 28 Oct 2015 19:54:19 +0000 (14:54 -0500)
Rename check_packet to check_reply_packet to make its function more
obvious.
The check for DHCP_* values is completely off, as it should
compare against DHCP option 53 (Message Type). Only valid value for
any Bootp/DHCP reply is BOOTREPLY.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
net/bootp.c patch | blob | history

diff --git a/net/bootp.c b/net/bootp.c
index fbdc7cb..3fac7f3 100644 (file)
--- a/net/bootp.c
+++ b/net/bootp.c
@@ -109,7 +109,8 @@ static bool bootp_match_id(ulong id)
        return false;
 }
 
-static int check_packet(uchar *pkt, unsigned dest, unsigned src, unsigned len)
+static int check_reply_packet(uchar *pkt, unsigned dest, unsigned src,
+                             unsigned len)
 {
        struct bootp_hdr *bp = (struct bootp_hdr *)pkt;
        int retval = 0;
@@ -118,11 +119,7 @@ static int check_packet(uchar *pkt, unsigned dest, unsigned src, unsigned len)
                retval = -1;
        else if (len < sizeof(struct bootp_hdr) - OPT_FIELD_SIZE)
                retval = -2;
-       else if (bp->bp_op != OP_BOOTREQUEST &&
-                       bp->bp_op != OP_BOOTREPLY &&
-                       bp->bp_op != DHCP_OFFER &&
-                       bp->bp_op != DHCP_ACK &&
-                       bp->bp_op != DHCP_NAK)
+       else if (bp->bp_op != OP_BOOTREPLY)
                retval = -3;
        else if (bp->bp_htype != HWT_ETHER)
                retval = -4;
@@ -343,7 +340,7 @@ static void bootp_handler(uchar *pkt, unsigned dest, struct in_addr sip,
        bp = (struct bootp_hdr *)pkt;
 
        /* Filter out pkts we don't want */
-       if (check_packet(pkt, dest, src, len))
+       if (check_reply_packet(pkt, dest, src, len))
                return;
 
        /*
@@ -960,7 +957,7 @@ static void dhcp_handler(uchar *pkt, unsigned dest, struct in_addr sip,
              src, dest, len, dhcp_state);
 
        /* Filter out pkts we don't want */
-       if (check_packet(pkt, dest, src, len))
+       if (check_reply_packet(pkt, dest, src, len))
                return;
 
        debug("DHCPHandler: got DHCP packet: (src=%d, dst=%d, len=%d) state: "
Domain: System / Kernel;