network/dhcp: actually refuse to assign DHCP option when an invalid string is passed

author Yu Watanabe <watanabe.yu+github@gmail.com>

Fri, 17 Nov 2023 17:43:50 +0000 (02:43 +0900)

committer Luca Boccassi <luca.boccassi@gmail.com>

Sat, 18 Nov 2023 11:19:17 +0000 (11:19 +0000)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Fri, 17 Nov 2023 17:43:50 +0000 (02:43 +0900)
committer Luca Boccassi <luca.boccassi@gmail.com>
Sat, 18 Nov 2023 11:19:17 +0000 (11:19 +0000)
diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c

index 195ce2d71fa126e4643472933ac2720c7fea0002..080b15387c3a128e7d993496db98470b53e9414b 100644 (file)
--- a/src/network/networkd-dhcp-common.c
+++ b/src/network/networkd-dhcp-common.c
@@ -1014,9 +1014,11 @@ int config_parse_dhcp_send_option(
          }
          case DHCP_OPTION_DATA_STRING:
                  sz = cunescape(p, UNESCAPE_ACCEPT_NUL, &q);
-                if (sz < 0)
+                if (sz < 0) {
                          log_syntax(unit, LOG_WARNING, filename, line, sz,
                                     "Failed to decode DHCP option data, ignoring assignment: %s", p);
+                        return 0;
+                }
  
                  udata = q;
                  break;
diff --git a/test/fuzz/fuzz-network-parser/dhcp-option b/test/fuzz/fuzz-network-parser/dhcp-option

new file mode 100644 (file)

index 0000000..821609c
--- /dev/null
+++ b/test/fuzz/fuzz-network-parser/dhcp-option
@@ -0,0 +1,5 @@
+[DHCPv6]
+SendOption=1:string:\U
+SendVendorOption=123:1:string:\U
+[DHCPv4]
+SendOption=1:string:\U
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Fri, 17 Nov 2023 17:43:50 +0000 (02:43 +0900)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Sat, 18 Nov 2023 11:19:17 +0000 (11:19 +0000)
src/network/networkd-dhcp-common.c		patch \| blob \| blame \| history
test/fuzz/fuzz-network-parser/dhcp-option	[new file with mode: 0644]	patch \| blob