From: Roy Marples <roy@marples.name>
Date: Thu, 16 Apr 2015 15:31:28 +0000 (+0000)
Subject: Ensure static routes are in multiples of 8 and the destination is not the default... 
X-Git-Tag: v6.8.2~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8da05324fd1c0ae8f4e03a7053c7413699452901;p=thirdparty%2Fdhcpcd.git

Ensure static routes are in multiples of 8 and the destination is not the default route as noted in RFC2132 5.8
---

diff --git a/dhcp.c b/dhcp.c
index 7b2a79e8..685abfc9 100644
--- a/dhcp.c
+++ b/dhcp.c
@@ -624,11 +624,11 @@ get_option_routes(struct interface *ifp, const struct dhcp_message *dhcp)
 		p = get_option(ifp->ctx, dhcp, DHO_STATICROUTE, &len);
 	else
 		p = NULL;
-	if (p) {
+	/* RFC 2131 Section 5.8 states length MUST be in multiples of 8 */
+	if (p && len % 8 == 0) {
 		e = p + len;
 		while (p < e) {
-			route = calloc(1, sizeof(*route));
-			if (route == NULL) {
+			if ((route = calloc(1, sizeof(*route))) == NULL) {
 				logger(ifp->ctx, LOG_ERR, "%s: %m", __func__);
 				ipv4_freeroutes(routes);
 				return NULL;
@@ -637,6 +637,13 @@ get_option_routes(struct interface *ifp, const struct dhcp_message *dhcp)
 			p += 4;
 			memcpy(&route->gate.s_addr, p, 4);
 			p += 4;
+			/* RFC 2131 Section 5.8 states default route is
+			 * illegal */
+			if (route->dest.s_addr == htonl(INADDR_ANY)) {
+				errno = EINVAL;
+				free(route);
+				continue;
+			}
 			route->net.s_addr = route_netmask(route->dest.s_addr);
 			TAILQ_INSERT_TAIL(routes, route, next);
 		}
@@ -650,8 +657,7 @@ get_option_routes(struct interface *ifp, const struct dhcp_message *dhcp)
 	if (p) {
 		e = p + len;
 		while (p < e) {
-			route = calloc(1, sizeof(*route));
-			if (route == NULL) {
+			if ((route = calloc(1, sizeof(*route))) == NULL) {
 				logger(ifp->ctx, LOG_ERR, "%s: %m", __func__);
 				ipv4_freeroutes(routes);
 				return NULL;