From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Nov 2023 17:43:50 +0000 (+0900)
Subject: network/dhcp: actually refuse to assign DHCP option when an invalid string is passed
X-Git-Tag: v255-rc3~41
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fbf946ce22ef778bf6bf04c117b75c9c63ac7e66;p=thirdparty%2Fsystemd.git

network/dhcp: actually refuse to assign DHCP option when an invalid string is passed

Prompted by #30029.
---

diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c
index 195ce2d71fa..080b15387c3 100644
--- a/src/network/networkd-dhcp-common.c
+++ b/src/network/networkd-dhcp-common.c
@@ -1014,9 +1014,11 @@ int config_parse_dhcp_send_option(
         }
         case DHCP_OPTION_DATA_STRING:
                 sz = cunescape(p, UNESCAPE_ACCEPT_NUL, &q);
-                if (sz < 0)
+                if (sz < 0) {
                         log_syntax(unit, LOG_WARNING, filename, line, sz,
                                    "Failed to decode DHCP option data, ignoring assignment: %s", p);
+                        return 0;
+                }
 
                 udata = q;
                 break;
diff --git a/test/fuzz/fuzz-network-parser/dhcp-option b/test/fuzz/fuzz-network-parser/dhcp-option
new file mode 100644
index 00000000000..821609c939c
--- /dev/null
+++ b/test/fuzz/fuzz-network-parser/dhcp-option
@@ -0,0 +1,5 @@
+[DHCPv6]
+SendOption=1:string:\U
+SendVendorOption=123:1:string:\U
+[DHCPv4]
+SendOption=1:string:\U