From: Lennart Poettering
Date: Fri, 18 Nov 2016 16:11:12 +0000 (+0100)
Subject: networkd: do not automatically propagate bogus DNS/NTP servers
X-Git-Tag: v233~402^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=49ad68298a1c244b6acffff28e7648d803a57563;p=thirdparty%2Fsystemd.git
networkd: do not automatically propagate bogus DNS/NTP servers
Never propagate DNS/NTP servers on the local link via the DHCP server. The DNS/NTP servers 0.0.0.0 and 127.0.0.1 only make sense in the local context, hence never propagate them automatically to other hosts.
Fixes: #4524
---
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 216f4aab529..b38eec1ba7b 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -862,15 +862,22 @@ static int link_push_uplink_dns_to_dhcp_server(Link *link, sd_dhcp_server *s) {
 return 0;
 for (i = 0; i < link->network->n_dns; i++) {
+ struct in_addr ia;
 /* Only look for IPv4 addresses */
 if (link->network->dns[i].family != AF_INET)
 continue;
+ ia = link->network->dns[i].address.in;
+
+ /* Never propagate obviously borked data */
+ if (in4_addr_is_null(&ia) || in4_addr_is_localhost(&ia))
+ continue;
+
 if (!GREEDY_REALLOC(addresses, n_allocated, n_addresses + 1))
 return log_oom();
- addresses[n_addresses++] = link->network->dns[i].address.in;
+ addresses[n_addresses++] = ia;
 }
 if (link->network->dhcp_use_dns && link->dhcp_lease) {
@@ -911,6 +918,10 @@ static int link_push_uplink_ntp_to_dhcp_server(Link *link, sd_dhcp_server *s) {
 if (inet_pton(AF_INET, *a, &ia) <= 0)
 continue;
+ /* Never propagate obviously borked data */
+ if (in4_addr_is_null(&ia) || in4_addr_is_localhost(&ia))
+ continue;
+
 if (!GREEDY_REALLOC(addresses, n_allocated, n_addresses + 1))
 return log_oom();
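Review bot: The new null/localhost filter covers only the statically configured entries in `link->network->dns[]`. The `if (link->network->dhcp_use_dns && link->dhcp_lease)` branch that opens on the hunk's last line continues outside the hunk, and if it appends lease-supplied servers to `addresses`, they appear to bypass the check. Those values come from the uplink's DHCP server rather than from local configuration, so they deserve the same test before being re-advertised to clients. I would apply the same `in4_addr_is_null(&ia) || in4_addr_is_localhost(&ia)` condition there, ideally through one small static helper shared with `link_push_uplink_ntp_to_dhcp_server()`, whose lease handling is likewise not visible in the second hunk.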
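Review bot: Entries rejected by the added `in4_addr_is_null(&ia) || in4_addr_is_localhost(&ia)` check are dropped without any trace, just like strings that fail `inet_pton()` on the line above. An administrator who configured such a server cannot tell why DHCP clients never receive it. A debug message before the `continue` would make the decision visible, for example `log_link_debug(link, "Not propagating local-only NTP server %s to DHCP clients.", *a);`, with the `if` body then wrapped in braces. The DNS loop in the first hunk would benefit from an equivalent message. The loop and the function body start and end outside the hunk.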