dhcp6: refuse zero length vendor class

Also, fixes the maximum length of the vendor class to UINT16_MAX.
Moreover, a memory leak in sd_dhcp6_client_set_request_vendor_class().

diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h
index d02186a4b201436a45b4c0f41787d6720697e348..9a32b007fc98db02bc7d8bf0bb710f9e1b8a2eb4 100644 (file)
--- a/src/libsystemd-network/dhcp6-internal.h
+++ b/src/libsystemd-network/dhcp6-internal.h
@@ -100,7 +100,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, const DHCP6IA *ia);
 int dhcp6_option_append_pd(uint8_t *buf, size_t len, const DHCP6IA *pd, DHCP6Address *hint_pd_prefix);
 int dhcp6_option_append_fqdn(uint8_t **buf, size_t *buflen, const char *fqdn);
 int dhcp6_option_append_user_class(uint8_t **buf, size_t *buflen, char * const *user_class);
-int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char **user_class);
+int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const *user_class);
 int dhcp6_option_append_vendor_option(uint8_t **buf, size_t *buflen, OrderedHashmap *vendor_options);
 int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode,
                        size_t *optlen, uint8_t **optvalue);

diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
index 8151e66bcad8ec90c764261c5e8092ad97b4954c..9f47c1bbe4ce4a8ff6c41720614377ff0ee0e59c 100644 (file)
--- a/src/libsystemd-network/dhcp6-option.c
+++ b/src/libsystemd-network/dhcp6-option.c
@@ -232,16 +232,16 @@ int dhcp6_option_append_user_class(uint8_t **buf, size_t *buflen, char * const *
         return dhcp6_option_append(buf, buflen, SD_DHCP6_OPTION_USER_CLASS, total, p);
 }
 
-int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char **vendor_class) {
+int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const *vendor_class) {
         _cleanup_free_ uint8_t *p = NULL;
         uint32_t enterprise_identifier;
         size_t total, offset;
-        char **s;
+        char * const *s;
 
         assert(buf);
         assert(*buf);
         assert(buflen);
-        assert(vendor_class);
+        assert(!strv_isempty(vendor_class));
 
         enterprise_identifier = htobe32(SYSTEMD_PEN);
 
@@ -256,6 +256,9 @@ int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char **vendo
                 size_t len = strlen(*s);
                 uint8_t *q;
 
+                if (len > UINT16_MAX || len == 0)
+                        return -EINVAL;
+
                 q = realloc(p, total + len + 2);
                 if (!q)
                         return -ENOMEM;

diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
index 687661cd5e3ae73ad5eddbccab114bc14155fc2c..788f2e1d42c6ce585ab5a722f69475ad32b36006 100644 (file)
--- a/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/libsystemd-network/sd-dhcp6-client.c
@@ -485,25 +485,26 @@ int sd_dhcp6_client_set_request_user_class(sd_dhcp6_client *client, char * const
         return strv_free_and_replace(client->user_class, s);
 }
 
-int sd_dhcp6_client_set_request_vendor_class(sd_dhcp6_client *client, char **vendor_class) {
-        _cleanup_strv_free_ char **s = NULL;
-        char **p;
+int sd_dhcp6_client_set_request_vendor_class(sd_dhcp6_client *client, char * const *vendor_class) {
+        char * const *p;
+        char **s;
 
         assert_return(client, -EINVAL);
         assert_return(client->state == DHCP6_STATE_STOPPED, -EBUSY);
-        assert_return(vendor_class, -EINVAL);
+        assert_return(!strv_isempty(vendor_class), -EINVAL);
 
-        STRV_FOREACH(p, vendor_class)
-                if (strlen(*p) > UINT8_MAX)
-                        return -ENAMETOOLONG;
+        STRV_FOREACH(p, vendor_class) {
+                size_t len = strlen(*p);
+
+                if (len > UINT16_MAX || len == 0)
+                        return -EINVAL;
+        }
 
         s = strv_copy(vendor_class);
         if (!s)
                 return -ENOMEM;
 
-        client->vendor_class = TAKE_PTR(s);
-
-        return 0;
+        return strv_free_and_replace(client->vendor_class, s);
 }
 
 int sd_dhcp6_client_get_prefix_delegation(sd_dhcp6_client *client, int *delegation) {

diff --git a/src/systemd/sd-dhcp6-client.h b/src/systemd/sd-dhcp6-client.h
index 492e281f8b57a40e89a109df351abcc59d1cbbfc..84e31701303c39cba454709dc21b43a7b98df03f 100644 (file)
--- a/src/systemd/sd-dhcp6-client.h
+++ b/src/systemd/sd-dhcp6-client.h
@@ -136,7 +136,7 @@ int sd_dhcp6_client_set_request_user_class(
                 char * const *user_class);
 int sd_dhcp6_client_set_request_vendor_class(
                 sd_dhcp6_client *client,
-                char** vendor_class);
+                char * const *vendor_class);
 int sd_dhcp6_client_set_prefix_delegation_hint(
                 sd_dhcp6_client *client,
                 uint8_t prefixlen,