1 /* $OpenBSD: options.c,v 1.15 2004/12/26 03:17:07 deraadt Exp $ */
2
3 /* DHCP options parsing and reassembly. */
4
5 /*-
6 * SPDX-License-Identifier: BSD-3-Clause
7 *
8 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 *
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of The Internet Software Consortium nor the names
21 * of its contributors may be used to endorse or promote products derived
22 * from this software without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
25 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
26 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
29 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
32 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
33 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
34 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
35 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * This software has been written for the Internet Software Consortium
39 * by Ted Lemon <[email protected]> in cooperation with Vixie
40 * Enterprises. To learn more about the Internet Software Consortium,
41 * see ``http://www.vix.com/isc''. To learn more about Vixie
42 * Enterprises, see ``http://www.vix.com''.
43 */
44
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
47
48 #include <ctype.h>
49
50 #define DHCP_OPTION_DATA
51 #include "dhcpd.h"
52
53 static int bad_options = 0;
54 static int bad_options_max = 5;
55
56 void parse_options(struct packet *);
57 void parse_option_buffer(struct packet *, unsigned char *, int);
58 unsigned store_options(unsigned char *, int, struct tree_cache **,
59 unsigned char *, int, int, int, int);
60 void expand_domain_search(struct packet *packet);
61 int find_search_domain_name_len(struct option_data *option, size_t *offset);
62 void expand_search_domain_name(struct option_data *option, size_t *offset,
63 unsigned char **domain_search);
64
65
66 /*
67 * Parse all available options out of the specified packet.
68 */
69 void
parse_options(struct packet * packet)70 parse_options(struct packet *packet)
71 {
72 /* Initially, zero all option pointers. */
73 memset(packet->options, 0, sizeof(packet->options));
74
75 /* If we don't see the magic cookie, there's nothing to parse. */
76 if (memcmp(packet->raw->options, DHCP_OPTIONS_COOKIE, 4)) {
77 packet->options_valid = 0;
78 return;
79 }
80
81 /*
82 * Go through the options field, up to the end of the packet or
83 * the End field.
84 */
85 parse_option_buffer(packet, &packet->raw->options[4],
86 packet->packet_length - DHCP_FIXED_NON_UDP - 4);
87
88 /*
89 * If we parsed a DHCP Option Overload option, parse more
90 * options out of the buffer(s) containing them.
91 */
92 if (packet->options_valid &&
93 packet->options[DHO_DHCP_OPTION_OVERLOAD].data) {
94 if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
95 parse_option_buffer(packet,
96 (unsigned char *)packet->raw->file,
97 sizeof(packet->raw->file));
98 if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
99 parse_option_buffer(packet,
100 (unsigned char *)packet->raw->sname,
101 sizeof(packet->raw->sname));
102 }
103
104 /* Expand DHCP Domain Search option. */
105 if (packet->options_valid) {
106 expand_domain_search(packet);
107 }
108 }
109
110 /*
111 * Parse options out of the specified buffer, storing addresses of
112 * option values in packet->options and setting packet->options_valid if
113 * no errors are encountered.
114 */
115 void
parse_option_buffer(struct packet * packet,unsigned char * buffer,int length)116 parse_option_buffer(struct packet *packet,
117 unsigned char *buffer, int length)
118 {
119 unsigned char *s, *t, *end = buffer + length;
120 int len, code;
121
122 for (s = buffer; *s != DHO_END && s < end; ) {
123 code = s[0];
124
125 /* Pad options don't have a length - just skip them. */
126 if (code == DHO_PAD) {
127 s++;
128 continue;
129 }
130 if (s + 2 > end) {
131 len = 65536;
132 goto bogus;
133 }
134
135 /*
136 * All other fields (except end, see above) have a
137 * one-byte length.
138 */
139 len = s[1];
140
141 /*
142 * If the length is outrageous, silently skip the rest,
143 * and mark the packet bad. Unfortunately some crappy
144 * dhcp servers always seem to give us garbage on the
145 * end of a packet. so rather than keep refusing, give
146 * up and try to take one after seeing a few without
147 * anything good.
148 */
149 if (s + len + 2 > end) {
150 bogus:
151 bad_options++;
152 warning("option %s (%d) %s.",
153 dhcp_options[code].name, len,
154 "larger than buffer");
155 if (bad_options == bad_options_max) {
156 packet->options_valid = 1;
157 bad_options = 0;
158 warning("Many bogus options seen in offers. "
159 "Taking this offer in spite of bogus "
160 "options - hope for the best!");
161 } else {
162 warning("rejecting bogus offer.");
163 packet->options_valid = 0;
164 }
165 return;
166 }
167 /*
168 * If we haven't seen this option before, just make
169 * space for it and copy it there.
170 */
171 if (!packet->options[code].data) {
172 if (!(t = calloc(1, len + 1)))
173 error("Can't allocate storage for option %s.",
174 dhcp_options[code].name);
175 /*
176 * Copy and NUL-terminate the option (in case
177 * it's an ASCII string.
178 */
179 memcpy(t, &s[2], len);
180 t[len] = 0;
181 packet->options[code].len = len;
182 packet->options[code].data = t;
183 } else {
184 /*
185 * If it's a repeat, concatenate it to whatever
186 * we last saw. This is really only required
187 * for clients, but what the heck...
188 */
189 t = calloc(1, len + packet->options[code].len + 1);
190 if (!t)
191 error("Can't expand storage for option %s.",
192 dhcp_options[code].name);
193 memcpy(t, packet->options[code].data,
194 packet->options[code].len);
195 memcpy(t + packet->options[code].len,
196 &s[2], len);
197 packet->options[code].len += len;
198 t[packet->options[code].len] = 0;
199 free(packet->options[code].data);
200 packet->options[code].data = t;
201 }
202 s += len + 2;
203 }
204 packet->options_valid = 1;
205 }
206
207 /*
208 * Expand DHCP Domain Search option. The value of this option is
209 * encoded like DNS' list of labels. See:
210 * RFC 3397
211 * RFC 1035
212 */
213 void
expand_domain_search(struct packet * packet)214 expand_domain_search(struct packet *packet)
215 {
216 size_t offset;
217 int expanded_len, next_domain_len;
218 struct option_data *option;
219 unsigned char *domain_search, *cursor;
220
221 if (packet->options[DHO_DOMAIN_SEARCH].data == NULL)
222 return;
223
224 option = &packet->options[DHO_DOMAIN_SEARCH];
225
226 /* Compute final expanded length. */
227 expanded_len = 0;
228 offset = 0;
229 while (offset < option->len) {
230 next_domain_len = find_search_domain_name_len(option, &offset);
231 if (next_domain_len < 0)
232 /* The Domain Search option value is invalid. */
233 return;
234
235 /* We add 1 for the space between domain names. */
236 expanded_len += next_domain_len + 1;
237 }
238 if (expanded_len > 0)
239 /* Remove 1 for the superfluous trailing space. */
240 --expanded_len;
241
242 domain_search = malloc(expanded_len + 1);
243 if (domain_search == NULL)
244 error("Can't allocate storage for expanded domain-search\n");
245
246 offset = 0;
247 cursor = domain_search;
248 while (offset < option->len) {
249 expand_search_domain_name(option, &offset, &cursor);
250 cursor[0] = ' ';
251 cursor++;
252 }
253 domain_search[expanded_len] = '\0';
254
255 free(option->data);
256 option->len = expanded_len;
257 option->data = domain_search;
258 }
259
260 int
find_search_domain_name_len(struct option_data * option,size_t * offset)261 find_search_domain_name_len(struct option_data *option, size_t *offset)
262 {
263 int domain_name_len, label_len, pointed_len;
264 size_t i, pointer;
265
266 domain_name_len = 0;
267
268 i = *offset;
269 while (i < option->len) {
270 label_len = option->data[i];
271 if (label_len == 0) {
272 /*
273 * A zero-length label marks the end of this
274 * domain name.
275 */
276 *offset = i + 1;
277 return (domain_name_len);
278 } else if (label_len & 0xC0) {
279 /* This is a pointer to another list of labels. */
280 if (i + 1 >= option->len) {
281 /* The pointer is truncated. */
282 warning("Truncated pointer in DHCP Domain "
283 "Search option.");
284 return (-1);
285 }
286
287 pointer = ((label_len & ~(0xC0)) << 8) +
288 option->data[i + 1];
289 if (pointer >= *offset) {
290 /*
291 * The pointer must indicate a prior
292 * occurrence.
293 */
294 warning("Invalid forward pointer in DHCP "
295 "Domain Search option compression.");
296 return (-1);
297 }
298
299 pointed_len = find_search_domain_name_len(option,
300 &pointer);
301 if (pointed_len < 0)
302 return (-1);
303 domain_name_len += pointed_len;
304
305 *offset = i + 2;
306 return (domain_name_len);
307 }
308
309 if (i + label_len >= option->len) {
310 warning("Truncated label in DHCP Domain Search "
311 "option.");
312 return (-1);
313 }
314
315 /*
316 * Update the domain name length with the length of the
317 * current label, plus a trailing dot ('.').
318 */
319 domain_name_len += label_len + 1;
320
321 /* Move cursor. */
322 i += label_len + 1;
323 }
324
325 warning("Truncated DHCP Domain Search option.");
326
327 return (-1);
328 }
329
330 void
expand_search_domain_name(struct option_data * option,size_t * offset,unsigned char ** domain_search)331 expand_search_domain_name(struct option_data *option, size_t *offset,
332 unsigned char **domain_search)
333 {
334 int label_len;
335 size_t i, pointer;
336 unsigned char *cursor;
337
338 /*
339 * This is the same loop than the function above
340 * (find_search_domain_name_len). Therefore, we remove checks,
341 * they're already done. Here, we just make the copy.
342 */
343 i = *offset;
344 cursor = *domain_search;
345 while (i < option->len) {
346 label_len = option->data[i];
347 if (label_len == 0) {
348 /*
349 * A zero-length label marks the end of this
350 * domain name.
351 */
352 *offset = i + 1;
353 *domain_search = cursor;
354 return;
355 } else if (label_len & 0xC0) {
356 /* This is a pointer to another list of labels. */
357 pointer = ((label_len & ~(0xC0)) << 8) +
358 option->data[i + 1];
359
360 expand_search_domain_name(option, &pointer, &cursor);
361
362 *offset = i + 2;
363 *domain_search = cursor;
364 return;
365 }
366
367 /* Copy the label found. */
368 memcpy(cursor, option->data + i + 1, label_len);
369 cursor[label_len] = '.';
370
371 /* Move cursor. */
372 i += label_len + 1;
373 cursor += label_len + 1;
374 }
375 }
376
377 /*
378 * cons options into a big buffer, and then split them out into the
379 * three separate buffers if needed. This allows us to cons up a set of
380 * vendor options using the same routine.
381 */
382 int
cons_options(struct packet * inpacket,struct dhcp_packet * outpacket,int mms,struct tree_cache ** options,int overload,int terminate,int bootpp,u_int8_t * prl,int prl_len)383 cons_options(struct packet *inpacket, struct dhcp_packet *outpacket,
384 int mms, struct tree_cache **options,
385 int overload, /* Overload flags that may be set. */
386 int terminate, int bootpp, u_int8_t *prl, int prl_len)
387 {
388 unsigned char priority_list[300], buffer[4096];
389 unsigned priority_len;
390 size_t main_buffer_size;
391 unsigned option_size, bufix, mainbufix;
392 int length;
393
394 /*
395 * If the client has provided a maximum DHCP message size, use
396 * that; otherwise, if it's BOOTP, only 64 bytes; otherwise use
397 * up to the minimum IP MTU size (576 bytes).
398 *
399 * XXX if a BOOTP client specifies a max message size, we will
400 * honor it.
401 */
402 if (!mms &&
403 inpacket &&
404 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data &&
405 (inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].len >=
406 sizeof(u_int16_t)))
407 mms = getUShort(
408 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data);
409
410 if (mms)
411 main_buffer_size = mms - DHCP_FIXED_LEN;
412 else if (bootpp)
413 main_buffer_size = 64;
414 else
415 main_buffer_size = 576 - DHCP_FIXED_LEN;
416
417 if (main_buffer_size > sizeof(buffer))
418 main_buffer_size = sizeof(buffer);
419
420 /* Preload the option priority list with mandatory options. */
421 priority_len = 0;
422 priority_list[priority_len++] = DHO_DHCP_MESSAGE_TYPE;
423 priority_list[priority_len++] = DHO_DHCP_SERVER_IDENTIFIER;
424 priority_list[priority_len++] = DHO_DHCP_LEASE_TIME;
425 priority_list[priority_len++] = DHO_DHCP_MESSAGE;
426
427 /*
428 * If the client has provided a list of options that it wishes
429 * returned, use it to prioritize. Otherwise, prioritize based
430 * on the default priority list.
431 */
432 if (inpacket &&
433 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data) {
434 unsigned prlen =
435 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].len;
436 if (prlen + priority_len > sizeof(priority_list))
437 prlen = sizeof(priority_list) - priority_len;
438
439 memcpy(&priority_list[priority_len],
440 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data,
441 prlen);
442 priority_len += prlen;
443 prl = priority_list;
444 } else if (prl) {
445 if (prl_len + priority_len > sizeof(priority_list))
446 prl_len = sizeof(priority_list) - priority_len;
447
448 memcpy(&priority_list[priority_len], prl, prl_len);
449 priority_len += prl_len;
450 prl = priority_list;
451 } else {
452 memcpy(&priority_list[priority_len],
453 dhcp_option_default_priority_list,
454 sizeof_dhcp_option_default_priority_list);
455 priority_len += sizeof_dhcp_option_default_priority_list;
456 }
457
458 /* Copy the options into the big buffer... */
459 option_size = store_options(
460 buffer,
461 (main_buffer_size - 7 + ((overload & 1) ? DHCP_FILE_LEN : 0) +
462 ((overload & 2) ? DHCP_SNAME_LEN : 0)),
463 options, priority_list, priority_len, main_buffer_size,
464 (main_buffer_size + ((overload & 1) ? DHCP_FILE_LEN : 0)),
465 terminate);
466
467 /* Put the cookie up front... */
468 memcpy(outpacket->options, DHCP_OPTIONS_COOKIE, 4);
469 mainbufix = 4;
470
471 /*
472 * If we're going to have to overload, store the overload option
473 * at the beginning. If we can, though, just store the whole
474 * thing in the packet's option buffer and leave it at that.
475 */
476 if (option_size <= main_buffer_size - mainbufix) {
477 memcpy(&outpacket->options[mainbufix],
478 buffer, option_size);
479 mainbufix += option_size;
480 if (mainbufix < main_buffer_size)
481 outpacket->options[mainbufix++] = DHO_END;
482 length = DHCP_FIXED_NON_UDP + mainbufix;
483 } else {
484 outpacket->options[mainbufix++] = DHO_DHCP_OPTION_OVERLOAD;
485 outpacket->options[mainbufix++] = 1;
486 if (option_size >
487 main_buffer_size - mainbufix + DHCP_FILE_LEN)
488 outpacket->options[mainbufix++] = 3;
489 else
490 outpacket->options[mainbufix++] = 1;
491
492 memcpy(&outpacket->options[mainbufix],
493 buffer, main_buffer_size - mainbufix);
494 bufix = main_buffer_size - mainbufix;
495 length = DHCP_FIXED_NON_UDP + mainbufix;
496 if (overload & 1) {
497 if (option_size - bufix <= DHCP_FILE_LEN) {
498 memcpy(outpacket->file,
499 &buffer[bufix], option_size - bufix);
500 mainbufix = option_size - bufix;
501 if (mainbufix < DHCP_FILE_LEN)
502 outpacket->file[mainbufix++] = (char)DHO_END;
503 while (mainbufix < DHCP_FILE_LEN)
504 outpacket->file[mainbufix++] = (char)DHO_PAD;
505 } else {
506 memcpy(outpacket->file,
507 &buffer[bufix], DHCP_FILE_LEN);
508 bufix += DHCP_FILE_LEN;
509 }
510 }
511 if ((overload & 2) && option_size < bufix) {
512 memcpy(outpacket->sname,
513 &buffer[bufix], option_size - bufix);
514
515 mainbufix = option_size - bufix;
516 if (mainbufix < DHCP_SNAME_LEN)
517 outpacket->file[mainbufix++] = (char)DHO_END;
518 while (mainbufix < DHCP_SNAME_LEN)
519 outpacket->file[mainbufix++] = (char)DHO_PAD;
520 }
521 }
522 return (length);
523 }
524
525 /*
526 * Store all the requested options into the requested buffer.
527 */
528 unsigned
store_options(unsigned char * buffer,int buflen,struct tree_cache ** options,unsigned char * priority_list,int priority_len,int first_cutoff,int second_cutoff,int terminate)529 store_options(unsigned char *buffer, int buflen, struct tree_cache **options,
530 unsigned char *priority_list, int priority_len, int first_cutoff,
531 int second_cutoff, int terminate)
532 {
533 int bufix = 0, option_stored[256], i, ix, tto;
534
535 /* Zero out the stored-lengths array. */
536 memset(option_stored, 0, sizeof(option_stored));
537
538 /*
539 * Copy out the options in the order that they appear in the
540 * priority list...
541 */
542 for (i = 0; i < priority_len; i++) {
543 /* Code for next option to try to store. */
544 int code = priority_list[i];
545 int optstart;
546
547 /*
548 * Number of bytes left to store (some may already have
549 * been stored by a previous pass).
550 */
551 int length;
552
553 /* If no data is available for this option, skip it. */
554 if (!options[code]) {
555 continue;
556 }
557
558 /*
559 * The client could ask for things that are mandatory,
560 * in which case we should avoid storing them twice...
561 */
562 if (option_stored[code])
563 continue;
564 option_stored[code] = 1;
565
566 /* We should now have a constant length for the option. */
567 length = options[code]->len;
568
569 /* Do we add a NUL? */
570 if (terminate && dhcp_options[code].format[0] == 't') {
571 length++;
572 tto = 1;
573 } else
574 tto = 0;
575
576 /* Try to store the option. */
577
578 /*
579 * If the option's length is more than 255, we must
580 * store it in multiple hunks. Store 255-byte hunks
581 * first. However, in any case, if the option data will
582 * cross a buffer boundary, split it across that
583 * boundary.
584 */
585 ix = 0;
586
587 optstart = bufix;
588 while (length) {
589 unsigned char incr = length > 255 ? 255 : length;
590
591 /*
592 * If this hunk of the buffer will cross a
593 * boundary, only go up to the boundary in this
594 * pass.
595 */
596 if (bufix < first_cutoff &&
597 bufix + incr > first_cutoff)
598 incr = first_cutoff - bufix;
599 else if (bufix < second_cutoff &&
600 bufix + incr > second_cutoff)
601 incr = second_cutoff - bufix;
602
603 /*
604 * If this option is going to overflow the
605 * buffer, skip it.
606 */
607 if (bufix + 2 + incr > buflen) {
608 bufix = optstart;
609 break;
610 }
611
612 /* Everything looks good - copy it in! */
613 buffer[bufix] = code;
614 buffer[bufix + 1] = incr;
615 if (tto && incr == length) {
616 memcpy(buffer + bufix + 2,
617 options[code]->value + ix, incr - 1);
618 buffer[bufix + 2 + incr - 1] = 0;
619 } else
620 memcpy(buffer + bufix + 2,
621 options[code]->value + ix, incr);
622 length -= incr;
623 ix += incr;
624 bufix += 2 + incr;
625 }
626 }
627 return (bufix);
628 }
629
630 /*
631 * Format the specified option so that a human can easily read it.
632 */
633 const char *
pretty_print_option(unsigned int code,unsigned char * data,int len,int emit_commas,int emit_quotes)634 pretty_print_option(unsigned int code, unsigned char *data, int len,
635 int emit_commas, int emit_quotes)
636 {
637 static char optbuf[32768]; /* XXX */
638 int hunksize = 0, numhunk = -1, numelem = 0;
639 char fmtbuf[32], *op = optbuf;
640 int i, j, k, opleft = sizeof(optbuf);
641 unsigned char *dp = data;
642 struct in_addr foo;
643 char comma;
644
645 /* Code should be between 0 and 255. */
646 if (code > 255)
647 error("pretty_print_option: bad code %d", code);
648
649 if (emit_commas)
650 comma = ',';
651 else
652 comma = ' ';
653
654 /* Figure out the size of the data. */
655 for (i = 0; dhcp_options[code].format[i]; i++) {
656 if (!numhunk) {
657 warning("%s: Excess information in format string: %s",
658 dhcp_options[code].name,
659 &(dhcp_options[code].format[i]));
660 break;
661 }
662 numelem++;
663 fmtbuf[i] = dhcp_options[code].format[i];
664 switch (dhcp_options[code].format[i]) {
665 case 'A':
666 --numelem;
667 fmtbuf[i] = 0;
668 numhunk = 0;
669 break;
670 case 'X':
671 for (k = 0; k < len; k++)
672 if (!isascii(data[k]) ||
673 !isprint(data[k]))
674 break;
675 if (k == len) {
676 fmtbuf[i] = 't';
677 numhunk = -2;
678 } else {
679 fmtbuf[i] = 'x';
680 hunksize++;
681 comma = ':';
682 numhunk = 0;
683 }
684 fmtbuf[i + 1] = 0;
685 break;
686 case 't':
687 fmtbuf[i] = 't';
688 fmtbuf[i + 1] = 0;
689 numhunk = -2;
690 break;
691 case 'I':
692 case 'l':
693 case 'L':
694 hunksize += 4;
695 break;
696 case 's':
697 case 'S':
698 hunksize += 2;
699 break;
700 case 'b':
701 case 'B':
702 case 'f':
703 hunksize++;
704 break;
705 case 'e':
706 break;
707 default:
708 warning("%s: garbage in format string: %s",
709 dhcp_options[code].name,
710 &(dhcp_options[code].format[i]));
711 break;
712 }
713 }
714
715 /* Check for too few bytes... */
716 if (hunksize > len) {
717 warning("%s: expecting at least %d bytes; got %d",
718 dhcp_options[code].name, hunksize, len);
719 return ("<error>");
720 }
721 /* Check for too many bytes... */
722 if (numhunk == -1 && hunksize < len)
723 warning("%s: %d extra bytes",
724 dhcp_options[code].name, len - hunksize);
725
726 /* If this is an array, compute its size. */
727 if (!numhunk)
728 numhunk = len / hunksize;
729 /* See if we got an exact number of hunks. */
730 if (numhunk > 0 && numhunk * hunksize < len)
731 warning("%s: %d extra bytes at end of array",
732 dhcp_options[code].name, len - numhunk * hunksize);
733
734 /* A one-hunk array prints the same as a single hunk. */
735 if (numhunk < 0)
736 numhunk = 1;
737
738 /* Cycle through the array (or hunk) printing the data. */
739 for (i = 0; i < numhunk; i++) {
740 for (j = 0; j < numelem; j++) {
741 int opcount;
742 switch (fmtbuf[j]) {
743 case 't':
744 if (emit_quotes) {
745 *op++ = '"';
746 opleft--;
747 }
748 for (; dp < data + len; dp++) {
749 if (!isascii(*dp) ||
750 !isprint(*dp)) {
751 if (dp + 1 != data + len ||
752 *dp != 0) {
753 snprintf(op, opleft,
754 "\\%03o", *dp);
755 op += 4;
756 opleft -= 4;
757 }
758 } else if (*dp == '"' ||
759 *dp == '\'' ||
760 *dp == '$' ||
761 *dp == '`' ||
762 *dp == '\\') {
763 *op++ = '\\';
764 *op++ = *dp;
765 opleft -= 2;
766 } else {
767 *op++ = *dp;
768 opleft--;
769 }
770 }
771 if (emit_quotes) {
772 *op++ = '"';
773 opleft--;
774 }
775
776 *op = 0;
777 break;
778 case 'I':
779 foo.s_addr = htonl(getULong(dp));
780 opcount = strlcpy(op, inet_ntoa(foo), opleft);
781 if (opcount >= opleft)
782 goto toobig;
783 opleft -= opcount;
784 dp += 4;
785 break;
786 case 'l':
787 opcount = snprintf(op, opleft, "%ld",
788 (long)getLong(dp));
789 if (opcount >= opleft || opcount == -1)
790 goto toobig;
791 opleft -= opcount;
792 dp += 4;
793 break;
794 case 'L':
795 opcount = snprintf(op, opleft, "%lu",
796 (unsigned long)getULong(dp));
797 if (opcount >= opleft || opcount == -1)
798 goto toobig;
799 opleft -= opcount;
800 dp += 4;
801 break;
802 case 's':
803 opcount = snprintf(op, opleft, "%d",
804 getShort(dp));
805 if (opcount >= opleft || opcount == -1)
806 goto toobig;
807 opleft -= opcount;
808 dp += 2;
809 break;
810 case 'S':
811 opcount = snprintf(op, opleft, "%u",
812 getUShort(dp));
813 if (opcount >= opleft || opcount == -1)
814 goto toobig;
815 opleft -= opcount;
816 dp += 2;
817 break;
818 case 'b':
819 opcount = snprintf(op, opleft, "%d",
820 *(char *)dp++);
821 if (opcount >= opleft || opcount == -1)
822 goto toobig;
823 opleft -= opcount;
824 break;
825 case 'B':
826 opcount = snprintf(op, opleft, "%d", *dp++);
827 if (opcount >= opleft || opcount == -1)
828 goto toobig;
829 opleft -= opcount;
830 break;
831 case 'x':
832 opcount = snprintf(op, opleft, "%x", *dp++);
833 if (opcount >= opleft || opcount == -1)
834 goto toobig;
835 opleft -= opcount;
836 break;
837 case 'f':
838 opcount = strlcpy(op,
839 *dp++ ? "true" : "false", opleft);
840 if (opcount >= opleft)
841 goto toobig;
842 opleft -= opcount;
843 break;
844 default:
845 warning("Unexpected format code %c", fmtbuf[j]);
846 }
847 op += strlen(op);
848 opleft -= strlen(op);
849 if (opleft < 1)
850 goto toobig;
851 if (j + 1 < numelem && comma != ':') {
852 *op++ = ' ';
853 opleft--;
854 }
855 }
856 if (i + 1 < numhunk) {
857 *op++ = comma;
858 opleft--;
859 }
860 if (opleft < 1)
861 goto toobig;
862
863 }
864 return (optbuf);
865 toobig:
866 warning("dhcp option too large");
867 return ("<error>");
868 }
869
870 void
do_packet(struct interface_info * interface,struct dhcp_packet * packet,int len,unsigned int from_port,struct iaddr from,struct hardware * hfrom)871 do_packet(struct interface_info *interface, struct dhcp_packet *packet,
872 int len, unsigned int from_port, struct iaddr from, struct hardware *hfrom)
873 {
874 struct packet tp;
875 int i;
876
877 if (packet->hlen > sizeof(packet->chaddr)) {
878 note("Discarding packet with invalid hlen.");
879 return;
880 }
881
882 memset(&tp, 0, sizeof(tp));
883 tp.raw = packet;
884 tp.packet_length = len;
885 tp.client_port = from_port;
886 tp.client_addr = from;
887 tp.interface = interface;
888 tp.haddr = hfrom;
889
890 parse_options(&tp);
891 if (tp.options_valid &&
892 tp.options[DHO_DHCP_MESSAGE_TYPE].data)
893 tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0];
894 if (tp.packet_type)
895 dhcp(&tp);
896 else
897 bootp(&tp);
898
899 /* Free the data associated with the options. */
900 for (i = 0; i < 256; i++)
901 free(tp.options[i].data);
902 }
903