dhcp4: filter bogus DNS/NTP server addresses silently

author Lennart Poettering <lennart@poettering.net>

Fri, 18 Nov 2016 16:19:44 +0000 (17:19 +0100)

committer Lennart Poettering <lennart@poettering.net>

Mon, 21 Nov 2016 21:58:26 +0000 (22:58 +0100)
author Lennart Poettering <lennart@poettering.net>
Fri, 18 Nov 2016 16:19:44 +0000 (17:19 +0100)
committer Lennart Poettering <lennart@poettering.net>
Mon, 21 Nov 2016 21:58:26 +0000 (22:58 +0100)
diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c

index 8387b18..7fed55c 100644 (file)
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -383,6 +383,23 @@ static int lease_parse_domain(const uint8_t *option, size_t len, char **ret) {
          return 0;
  }
  
+static void filter_bogus_addresses(struct in_addr *addresses, size_t *n) {
+        size_t i, j;
+
+        /* Silently filter DNS/NTP servers supplied to us that do not make outside of the local scope. */
+
+        for (i = 0, j = 0; i < *n; i ++) {
+
+                if (in4_addr_is_null(addresses+i) ||
+                    in4_addr_is_localhost(addresses+i))
+                        continue;
+
+                addresses[j++] = addresses[i];
+        }
+
+        *n = j;
+}
+
  static int lease_parse_in_addrs(const uint8_t *option, size_t len, struct in_addr **ret, size_t *n_ret) {
          assert(option);
          assert(ret);
@@ -404,6 +421,8 @@ static int lease_parse_in_addrs(const uint8_t *option, size_t len, struct in_add
                  if (!addresses)
                          return -ENOMEM;
  
+                filter_bogus_addresses(addresses, &n_addresses);
+
                  free(*ret);
                  *ret = addresses;
                  *n_ret = n_addresses;
author	Lennart Poettering <lennart@poettering.net>
	Fri, 18 Nov 2016 16:19:44 +0000 (17:19 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 21 Nov 2016 21:58:26 +0000 (22:58 +0100)