aboutsummaryrefslogtreecommitdiff
path: root/lib/libstand
diff options
context:
space:
mode:
authorToomas Soome <tsoome@FreeBSD.org>2017-03-20 22:20:17 +0000
committerToomas Soome <tsoome@FreeBSD.org>2017-03-20 22:20:17 +0000
commitc1e968fb6297591a95711fea86f694b9f3b43e88 (patch)
tree44e9263aeb4d57ee955cd5e6b765de19dac966e4 /lib/libstand
parent98339da12a4e4255ea080b6a3913896c4587cebc (diff)
downloadsrc-c1e968fb6297591a95711fea86f694b9f3b43e88.tar.gz
src-c1e968fb6297591a95711fea86f694b9f3b43e88.zip
loader: verify the value from dhcp.interface-mtu and use snprintf to set mtu
Since the uset can set dhcp.interface-mtu, we need to try to validate the value. So we verify if the conversion to int is successful and we will not allow to set value greater than max IPv4 packet size. Also use snprintf for safety. Reviewed by: allanjude, bapt Approved by: allanjude (mentor) Differential Revision: https://reviews.freebsd.org/D8492
Notes
Notes: svn path=/head/; revision=315653
Diffstat (limited to 'lib/libstand')
-rw-r--r--lib/libstand/bootp.c25
1 files changed, 22 insertions, 3 deletions
diff --git a/lib/libstand/bootp.c b/lib/libstand/bootp.c
index 5d993ce5f07e..479405debe22 100644
--- a/lib/libstand/bootp.c
+++ b/lib/libstand/bootp.c
@@ -39,6 +39,7 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
+#include <sys/limits.h>
#include <sys/endian.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
@@ -403,11 +404,29 @@ vend_rfc1048(cp, len)
strlcpy(hostname, val, sizeof(hostname));
}
if (tag == TAG_INTF_MTU) {
+ intf_mtu = 0;
if ((val = getenv("dhcp.interface-mtu")) != NULL) {
- intf_mtu = (u_int)strtoul(val, NULL, 0);
- } else {
- intf_mtu = be16dec(cp);
+ unsigned long tmp;
+ char *end;
+
+ errno = 0;
+ /*
+ * Do not allow MTU to exceed max IPv4 packet
+ * size, max value of 16-bit word.
+ */
+ tmp = strtoul(val, &end, 0);
+ if (errno != 0 ||
+ *val == '\0' || *end != '\0' ||
+ tmp > USHRT_MAX) {
+ printf("%s: bad value: \"%s\", "
+ "ignoring\n",
+ "dhcp.interface-mtu", val);
+ } else {
+ intf_mtu = (u_int)tmp;
+ }
}
+ if (intf_mtu <= 0)
+ intf_mtu = be16dec(cp);
}
#ifdef SUPPORT_DHCP
if (tag == TAG_DHCP_MSGTYPE) {