busybox: add 6RD prefix sanity checking as mandated by RFC5969, bump pkg revision
authorJo-Philipp Wich <jow@openwrt.org>
Sun, 14 Nov 2010 05:58:34 +0000 (05:58 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Sun, 14 Nov 2010 05:58:34 +0000 (05:58 +0000)
SVN-Revision: 23990

package/busybox/Makefile
package/busybox/patches/244-udhcpc_add_6rd_option.patch

index e3e5164..f7e64c0 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=busybox
 PKG_VERSION:=1.17.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_FLAGS:=essential
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
index 25c5ebf..3037708 100644 (file)
@@ -58,7 +58,7 @@
  /* really simple implementation, just count the bits */
  static int mton(uint32_t mask)
  {
-@@ -177,6 +195,60 @@ static NOINLINE char *xmalloc_optname_op
+@@ -177,6 +195,70 @@ static NOINLINE char *xmalloc_optname_op
  
                        return ret;
                }
 +                       * We convert it to a string "IPv4MaskLen 6rdPrefixLen 6rdPrefix 6rdBRIPv4Address"
 +                       */
 +
-+                      /* IPv4MaskLen */
-+                      dest += sprintf(dest, "%u ", *option++);
-+                      len--;
++                      /* Sanity check: ensure that our length is at least 22 bytes, that
++                       * IPv4MaskLen is <= 32, 6rdPrefixLen <= 128 and that the sum of
++                       * (32 - IPv4MaskLen) + 6rdPrefixLen is less than or equal to 128.
++                       * If any of these requirements is not fulfilled, return with empty
++                       * value.
++                       */
++                      if ((len >= 22) && (*option <= 32) && (*(option+1) <= 128) &&
++                          (((32 - *option) + *(option+1)) <= 128))
++                      {
++                              /* IPv4MaskLen */
++                              dest += sprintf(dest, "%u ", *option++);
++                              len--;
 +
-+                      /* 6rdPrefixLen */
-+                      dest += sprintf(dest, "%u ", *option++);
-+                      len--;
++                              /* 6rdPrefixLen */
++                              dest += sprintf(dest, "%u ", *option++);
++                              len--;
 +
-+                      /* 6rdPrefix */
-+                      dest += sprint_nip6(dest, "", option);
-+                      option += 16;
-+                      len -= 16;
++                              /* 6rdPrefix */
++                              dest += sprint_nip6(dest, "", option);
++                              option += 16;
++                              len -= 16;
 +
-+                      /* 6rdBRIPv4Addresses */
-+                      while (len >= 4)
-+                      {
-+                              dest += sprint_nip(dest, " ", option);
-+                              option += 4;
-+                              len -= 4;
++                              /* 6rdBRIPv4Addresses */
++                              while (len >= 4)
++                              {
++                                      dest += sprint_nip(dest, " ", option);
++                                      option += 4;
++                                      len -= 4;
 +
-+                              /* the code to determine the option size fails to work with
-+                               * lengths that are not a multiple of the minimum length,
-+                               * adding all advertised 6rdBRIPv4Addresses here would
-+                               * overflow the destination buffer, therefore skip the rest
-+                               * for now
-+                               */
-+                              break;
++                                      /* the code to determine the option size fails to work with
++                                       * lengths that are not a multiple of the minimum length,
++                                       * adding all advertised 6rdBRIPv4Addresses here would
++                                       * overflow the destination buffer, therefore skip the rest
++                                       * for now
++                                       */
++                                      break;
++                              }
 +                      }
 +
 +                      return ret;