1/* $OpenBSD: options.c,v 1.15 2004/12/26 03:17:07 deraadt Exp $ */ 2 3/* DHCP options parsing and reassembly. */ 4 5/* 6 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of The Internet Software Consortium nor the names 19 * of its contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND 23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR 27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * This software has been written for the Internet Software Consortium 37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie 38 * Enterprises. To learn more about the Internet Software Consortium, 39 * see ``http://www.vix.com/isc''. To learn more about Vixie 40 * Enterprises, see ``http://www.vix.com''. 41 */ 42 43#include <sys/cdefs.h> 44__FBSDID("$FreeBSD$"); 45 46#include <ctype.h> 47 48#define DHCP_OPTION_DATA 49#include "dhcpd.h" 50 51int bad_options = 0; 52int bad_options_max = 5; 53 54void parse_options(struct packet *); 55void parse_option_buffer(struct packet *, unsigned char *, int); 56int store_options(unsigned char *, int, struct tree_cache **, 57 unsigned char *, int, int, int, int); 58void expand_domain_search(struct packet *packet); 59int find_search_domain_name_len(struct option_data *option, int *offset); 60void expand_search_domain_name(struct option_data *option, int *offset, 61 unsigned char **domain_search); 62 63 64/* 65 * Parse all available options out of the specified packet. 66 */ 67void 68parse_options(struct packet *packet) 69{ 70 /* Initially, zero all option pointers. */ 71 memset(packet->options, 0, sizeof(packet->options)); 72 73 /* If we don't see the magic cookie, there's nothing to parse. */ 74 if (memcmp(packet->raw->options, DHCP_OPTIONS_COOKIE, 4)) { 75 packet->options_valid = 0; 76 return; 77 } 78 79 /* 80 * Go through the options field, up to the end of the packet or 81 * the End field. 82 */ 83 parse_option_buffer(packet, &packet->raw->options[4], 84 packet->packet_length - DHCP_FIXED_NON_UDP - 4); 85 86 /* 87 * If we parsed a DHCP Option Overload option, parse more 88 * options out of the buffer(s) containing them. 89 */ 90 if (packet->options_valid && 91 packet->options[DHO_DHCP_OPTION_OVERLOAD].data) { 92 if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1) 93 parse_option_buffer(packet, 94 (unsigned char *)packet->raw->file, 95 sizeof(packet->raw->file)); 96 if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2) 97 parse_option_buffer(packet, 98 (unsigned char *)packet->raw->sname, 99 sizeof(packet->raw->sname)); 100 } 101 102 /* Expand DHCP Domain Search option. */ 103 if (packet->options_valid) { 104 expand_domain_search(packet); 105 } 106} 107 108/* 109 * Parse options out of the specified buffer, storing addresses of 110 * option values in packet->options and setting packet->options_valid if 111 * no errors are encountered. 112 */ 113void 114parse_option_buffer(struct packet *packet, 115 unsigned char *buffer, int length) 116{ 117 unsigned char *s, *t, *end = buffer + length; 118 int len, code; 119 120 for (s = buffer; *s != DHO_END && s < end; ) { 121 code = s[0]; 122 123 /* Pad options don't have a length - just skip them. */ 124 if (code == DHO_PAD) { 125 s++; 126 continue; 127 } 128 if (s + 2 > end) { 129 len = 65536; 130 goto bogus; 131 } 132 133 /* 134 * All other fields (except end, see above) have a 135 * one-byte length. 136 */ 137 len = s[1]; 138 139 /* 140 * If the length is outrageous, silently skip the rest, 141 * and mark the packet bad. Unfortunately some crappy 142 * dhcp servers always seem to give us garbage on the 143 * end of a packet. so rather than keep refusing, give 144 * up and try to take one after seeing a few without 145 * anything good. 146 */ 147 if (s + len + 2 > end) { 148 bogus: 149 bad_options++; 150 warning("option %s (%d) %s.", 151 dhcp_options[code].name, len, 152 "larger than buffer"); 153 if (bad_options == bad_options_max) { 154 packet->options_valid = 1; 155 bad_options = 0; 156 warning("Many bogus options seen in offers. " 157 "Taking this offer in spite of bogus " 158 "options - hope for the best!"); 159 } else { 160 warning("rejecting bogus offer."); 161 packet->options_valid = 0; 162 } 163 return; 164 } 165 /* 166 * If we haven't seen this option before, just make 167 * space for it and copy it there. 168 */ 169 if (!packet->options[code].data) { 170 if (!(t = calloc(1, len + 1))) 171 error("Can't allocate storage for option %s.", 172 dhcp_options[code].name); 173 /* 174 * Copy and NUL-terminate the option (in case 175 * it's an ASCII string. 176 */ 177 memcpy(t, &s[2], len); 178 t[len] = 0; 179 packet->options[code].len = len; 180 packet->options[code].data = t; 181 } else { 182 /* 183 * If it's a repeat, concatenate it to whatever 184 * we last saw. This is really only required 185 * for clients, but what the heck... 186 */ 187 t = calloc(1, len + packet->options[code].len + 1); 188 if (!t) 189 error("Can't expand storage for option %s.", 190 dhcp_options[code].name); 191 memcpy(t, packet->options[code].data, 192 packet->options[code].len); 193 memcpy(t + packet->options[code].len, 194 &s[2], len); 195 packet->options[code].len += len; 196 t[packet->options[code].len] = 0; 197 free(packet->options[code].data); 198 packet->options[code].data = t; 199 } 200 s += len + 2; 201 } 202 packet->options_valid = 1; 203} 204 205/* 206 * Expand DHCP Domain Search option. The value of this option is 207 * encoded like DNS' list of labels. See: 208 * RFC 3397 209 * RFC 1035 210 */ 211void 212expand_domain_search(struct packet *packet) 213{ 214 int offset, expanded_len, next_domain_len; 215 struct option_data *option; 216 unsigned char *domain_search, *cursor; 217 218 if (packet->options[DHO_DOMAIN_SEARCH].data == NULL) 219 return; 220 221 option = &packet->options[DHO_DOMAIN_SEARCH]; 222 223 /* Compute final expanded length. */ 224 expanded_len = 0; 225 offset = 0; 226 while (offset < option->len) { 227 next_domain_len = find_search_domain_name_len(option, &offset); 228 if (next_domain_len < 0) 229 /* The Domain Search option value is invalid. */ 230 return; 231 232 /* We add 1 for the space between domain names. */ 233 expanded_len += next_domain_len + 1; 234 } 235 if (expanded_len > 0) 236 /* Remove 1 for the superfluous trailing space. */ 237 --expanded_len; 238 239 domain_search = malloc(expanded_len + 1); 240 if (domain_search == NULL) 241 error("Can't allocate storage for expanded domain-search\n"); 242 243 offset = 0; 244 cursor = domain_search; 245 while (offset < option->len) { 246 expand_search_domain_name(option, &offset, &cursor); 247 cursor[0] = ' '; 248 cursor++; 249 } 250 domain_search[expanded_len] = '\0'; 251 252 free(option->data); 253 option->len = expanded_len; 254 option->data = domain_search; 255} 256 257int 258find_search_domain_name_len(struct option_data *option, int *offset) 259{ 260 int domain_name_len, i, label_len, pointer, pointed_len; 261 262 domain_name_len = 0; 263 264 i = *offset; 265 while (i < option->len) { 266 label_len = option->data[i]; 267 if (label_len == 0) { 268 /* 269 * A zero-length label marks the end of this 270 * domain name. 271 */ 272 *offset = i + 1; 273 return (domain_name_len); 274 } else if (label_len & 0xC0) { 275 /* This is a pointer to another list of labels. */ 276 if (i + 1 >= option->len) { 277 /* The pointer is truncated. */ 278 warning("Truncated pointer in DHCP Domain " 279 "Search option."); 280 return (-1); 281 } 282 283 pointer = ((label_len & ~(0xC0)) << 8) + 284 option->data[i + 1]; 285 if (pointer >= *offset) { 286 /* 287 * The pointer must indicate a prior 288 * occurrence. 289 */ 290 warning("Invalid forward pointer in DHCP " 291 "Domain Search option compression."); 292 return (-1); 293 } 294 295 pointed_len = find_search_domain_name_len(option, 296 &pointer); 297 domain_name_len += pointed_len; 298 299 *offset = i + 2; 300 return (domain_name_len); 301 } 302 303 if (i + label_len >= option->len) { 304 warning("Truncated label in DHCP Domain Search " 305 "option."); 306 return (-1); 307 } 308 309 /* 310 * Update the domain name length with the length of the 311 * current label, plus a trailing dot ('.'). 312 */ 313 domain_name_len += label_len + 1; 314 315 /* Move cursor. */ 316 i += label_len + 1; 317 } 318 319 warning("Truncated DHCP Domain Search option."); 320 321 return (-1); 322} 323 324void 325expand_search_domain_name(struct option_data *option, int *offset, 326 unsigned char **domain_search) 327{ 328 int i, label_len, pointer; 329 unsigned char *cursor; 330 331 /* 332 * This is the same loop than the function above 333 * (find_search_domain_name_len). Therefore, we remove checks, 334 * they're already done. Here, we just make the copy. 335 */ 336 i = *offset; 337 cursor = *domain_search; 338 while (i < option->len) { 339 label_len = option->data[i]; 340 if (label_len == 0) { 341 /* 342 * A zero-length label marks the end of this 343 * domain name. 344 */ 345 *offset = i + 1; 346 *domain_search = cursor; 347 return; 348 } else if (label_len & 0xC0) { 349 /* This is a pointer to another list of labels. */ 350 pointer = ((label_len & ~(0xC0)) << 8) + 351 option->data[i + 1]; 352 353 expand_search_domain_name(option, &pointer, &cursor); 354 355 *offset = i + 2; 356 *domain_search = cursor; 357 return; 358 } 359 360 /* Copy the label found. */ 361 memcpy(cursor, option->data + i + 1, label_len); 362 cursor[label_len] = '.'; 363 364 /* Move cursor. */ 365 i += label_len + 1; 366 cursor += label_len + 1; 367 } 368} 369 370/* 371 * cons options into a big buffer, and then split them out into the 372 * three separate buffers if needed. This allows us to cons up a set of 373 * vendor options using the same routine. 374 */ 375int 376cons_options(struct packet *inpacket, struct dhcp_packet *outpacket, 377 int mms, struct tree_cache **options, 378 int overload, /* Overload flags that may be set. */ 379 int terminate, int bootpp, u_int8_t *prl, int prl_len) 380{ 381 unsigned char priority_list[300], buffer[4096]; 382 int priority_len, main_buffer_size, mainbufix, bufix; 383 int option_size, length; 384 385 /* 386 * If the client has provided a maximum DHCP message size, use 387 * that; otherwise, if it's BOOTP, only 64 bytes; otherwise use 388 * up to the minimum IP MTU size (576 bytes). 389 * 390 * XXX if a BOOTP client specifies a max message size, we will 391 * honor it. 392 */ 393 if (!mms && 394 inpacket && 395 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data && 396 (inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].len >= 397 sizeof(u_int16_t))) 398 mms = getUShort( 399 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data); 400 401 if (mms) 402 main_buffer_size = mms - DHCP_FIXED_LEN; 403 else if (bootpp) 404 main_buffer_size = 64; 405 else 406 main_buffer_size = 576 - DHCP_FIXED_LEN; 407 408 if (main_buffer_size > sizeof(buffer)) 409 main_buffer_size = sizeof(buffer); 410 411 /* Preload the option priority list with mandatory options. */ 412 priority_len = 0; 413 priority_list[priority_len++] = DHO_DHCP_MESSAGE_TYPE; 414 priority_list[priority_len++] = DHO_DHCP_SERVER_IDENTIFIER; 415 priority_list[priority_len++] = DHO_DHCP_LEASE_TIME; 416 priority_list[priority_len++] = DHO_DHCP_MESSAGE; 417 418 /* 419 * If the client has provided a list of options that it wishes 420 * returned, use it to prioritize. Otherwise, prioritize based 421 * on the default priority list. 422 */ 423 if (inpacket && 424 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data) { 425 int prlen = 426 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].len; 427 if (prlen + priority_len > sizeof(priority_list)) 428 prlen = sizeof(priority_list) - priority_len; 429 430 memcpy(&priority_list[priority_len], 431 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data, 432 prlen); 433 priority_len += prlen; 434 prl = priority_list; 435 } else if (prl) { 436 if (prl_len + priority_len > sizeof(priority_list)) 437 prl_len = sizeof(priority_list) - priority_len; 438 439 memcpy(&priority_list[priority_len], prl, prl_len); 440 priority_len += prl_len; 441 prl = priority_list; 442 } else { 443 memcpy(&priority_list[priority_len], 444 dhcp_option_default_priority_list, 445 sizeof_dhcp_option_default_priority_list); 446 priority_len += sizeof_dhcp_option_default_priority_list; 447 } 448 449 /* Copy the options into the big buffer... */ 450 option_size = store_options( 451 buffer, 452 (main_buffer_size - 7 + ((overload & 1) ? DHCP_FILE_LEN : 0) + 453 ((overload & 2) ? DHCP_SNAME_LEN : 0)), 454 options, priority_list, priority_len, main_buffer_size, 455 (main_buffer_size + ((overload & 1) ? DHCP_FILE_LEN : 0)), 456 terminate); 457 458 /* Put the cookie up front... */ 459 memcpy(outpacket->options, DHCP_OPTIONS_COOKIE, 4); 460 mainbufix = 4; 461 462 /* 463 * If we're going to have to overload, store the overload option 464 * at the beginning. If we can, though, just store the whole 465 * thing in the packet's option buffer and leave it at that. 466 */ 467 if (option_size <= main_buffer_size - mainbufix) { 468 memcpy(&outpacket->options[mainbufix], 469 buffer, option_size); 470 mainbufix += option_size; 471 if (mainbufix < main_buffer_size) 472 outpacket->options[mainbufix++] = DHO_END; 473 length = DHCP_FIXED_NON_UDP + mainbufix; 474 } else { 475 outpacket->options[mainbufix++] = DHO_DHCP_OPTION_OVERLOAD; 476 outpacket->options[mainbufix++] = 1; 477 if (option_size > 478 main_buffer_size - mainbufix + DHCP_FILE_LEN) 479 outpacket->options[mainbufix++] = 3; 480 else 481 outpacket->options[mainbufix++] = 1; 482 483 memcpy(&outpacket->options[mainbufix], 484 buffer, main_buffer_size - mainbufix); 485 bufix = main_buffer_size - mainbufix; 486 length = DHCP_FIXED_NON_UDP + mainbufix; 487 if (overload & 1) { 488 if (option_size - bufix <= DHCP_FILE_LEN) { 489 memcpy(outpacket->file, 490 &buffer[bufix], option_size - bufix); 491 mainbufix = option_size - bufix; 492 if (mainbufix < DHCP_FILE_LEN) 493 outpacket->file[mainbufix++] = (char)DHO_END; 494 while (mainbufix < DHCP_FILE_LEN) 495 outpacket->file[mainbufix++] = (char)DHO_PAD; 496 } else { 497 memcpy(outpacket->file, 498 &buffer[bufix], DHCP_FILE_LEN); 499 bufix += DHCP_FILE_LEN; 500 } 501 } 502 if ((overload & 2) && option_size < bufix) { 503 memcpy(outpacket->sname, 504 &buffer[bufix], option_size - bufix); 505 506 mainbufix = option_size - bufix; 507 if (mainbufix < DHCP_SNAME_LEN) 508 outpacket->file[mainbufix++] = (char)DHO_END; 509 while (mainbufix < DHCP_SNAME_LEN) 510 outpacket->file[mainbufix++] = (char)DHO_PAD; 511 } 512 } 513 return (length); 514} 515 516/* 517 * Store all the requested options into the requested buffer. 518 */ 519int 520store_options(unsigned char *buffer, int buflen, struct tree_cache **options, 521 unsigned char *priority_list, int priority_len, int first_cutoff, 522 int second_cutoff, int terminate) 523{ 524 int bufix = 0, option_stored[256], i, ix, tto; 525 526 /* Zero out the stored-lengths array. */ 527 memset(option_stored, 0, sizeof(option_stored)); 528 529 /* 530 * Copy out the options in the order that they appear in the 531 * priority list... 532 */ 533 for (i = 0; i < priority_len; i++) { 534 /* Code for next option to try to store. */ 535 int code = priority_list[i]; 536 int optstart; 537 538 /* 539 * Number of bytes left to store (some may already have 540 * been stored by a previous pass). 541 */ 542 int length; 543 544 /* If no data is available for this option, skip it. */ 545 if (!options[code]) { 546 continue; 547 } 548 549 /* 550 * The client could ask for things that are mandatory, 551 * in which case we should avoid storing them twice... 552 */ 553 if (option_stored[code]) 554 continue; 555 option_stored[code] = 1; 556 557 /* We should now have a constant length for the option. */ 558 length = options[code]->len; 559 560 /* Do we add a NUL? */ 561 if (terminate && dhcp_options[code].format[0] == 't') { 562 length++; 563 tto = 1; 564 } else 565 tto = 0; 566 567 /* Try to store the option. */ 568 569 /* 570 * If the option's length is more than 255, we must 571 * store it in multiple hunks. Store 255-byte hunks 572 * first. However, in any case, if the option data will 573 * cross a buffer boundary, split it across that 574 * boundary. 575 */ 576 ix = 0; 577 578 optstart = bufix; 579 while (length) { 580 unsigned char incr = length > 255 ? 255 : length; 581 582 /* 583 * If this hunk of the buffer will cross a 584 * boundary, only go up to the boundary in this 585 * pass. 586 */ 587 if (bufix < first_cutoff && 588 bufix + incr > first_cutoff) 589 incr = first_cutoff - bufix; 590 else if (bufix < second_cutoff && 591 bufix + incr > second_cutoff) 592 incr = second_cutoff - bufix; 593 594 /* 595 * If this option is going to overflow the 596 * buffer, skip it. 597 */ 598 if (bufix + 2 + incr > buflen) { 599 bufix = optstart; 600 break; 601 } 602 603 /* Everything looks good - copy it in! */ 604 buffer[bufix] = code; 605 buffer[bufix + 1] = incr; 606 if (tto && incr == length) { 607 memcpy(buffer + bufix + 2, 608 options[code]->value + ix, incr - 1); 609 buffer[bufix + 2 + incr - 1] = 0; 610 } else 611 memcpy(buffer + bufix + 2, 612 options[code]->value + ix, incr); 613 length -= incr; 614 ix += incr; 615 bufix += 2 + incr; 616 } 617 } 618 return (bufix); 619} 620 621/* 622 * Format the specified option so that a human can easily read it. 623 */ 624char * 625pretty_print_option(unsigned int code, unsigned char *data, int len, 626 int emit_commas, int emit_quotes) 627{ 628 static char optbuf[32768]; /* XXX */ 629 int hunksize = 0, numhunk = -1, numelem = 0; 630 char fmtbuf[32], *op = optbuf; 631 int i, j, k, opleft = sizeof(optbuf); 632 unsigned char *dp = data; 633 struct in_addr foo; 634 char comma; 635 636 /* Code should be between 0 and 255. */ 637 if (code > 255) 638 error("pretty_print_option: bad code %d", code); 639 640 if (emit_commas) 641 comma = ','; 642 else 643 comma = ' '; 644 645 /* Figure out the size of the data. */ 646 for (i = 0; dhcp_options[code].format[i]; i++) { 647 if (!numhunk) { 648 warning("%s: Excess information in format string: %s", 649 dhcp_options[code].name, 650 &(dhcp_options[code].format[i])); 651 break; 652 } 653 numelem++; 654 fmtbuf[i] = dhcp_options[code].format[i]; 655 switch (dhcp_options[code].format[i]) { 656 case 'A': 657 --numelem; 658 fmtbuf[i] = 0; 659 numhunk = 0; 660 break; 661 case 'X': 662 for (k = 0; k < len; k++) 663 if (!isascii(data[k]) || 664 !isprint(data[k])) 665 break; 666 if (k == len) { 667 fmtbuf[i] = 't'; 668 numhunk = -2; 669 } else { 670 fmtbuf[i] = 'x'; 671 hunksize++; 672 comma = ':'; 673 numhunk = 0; 674 } 675 fmtbuf[i + 1] = 0; 676 break; 677 case 't': 678 fmtbuf[i] = 't'; 679 fmtbuf[i + 1] = 0; 680 numhunk = -2; 681 break; 682 case 'I': 683 case 'l': 684 case 'L': 685 hunksize += 4; 686 break; 687 case 's': 688 case 'S': 689 hunksize += 2; 690 break; 691 case 'b': 692 case 'B': 693 case 'f': 694 hunksize++; 695 break; 696 case 'e': 697 break; 698 default: 699 warning("%s: garbage in format string: %s", 700 dhcp_options[code].name, 701 &(dhcp_options[code].format[i])); 702 break; 703 } 704 } 705 706 /* Check for too few bytes... */ 707 if (hunksize > len) { 708 warning("%s: expecting at least %d bytes; got %d", 709 dhcp_options[code].name, hunksize, len); 710 return ("<error>"); 711 } 712 /* Check for too many bytes... */ 713 if (numhunk == -1 && hunksize < len) 714 warning("%s: %d extra bytes", 715 dhcp_options[code].name, len - hunksize); 716 717 /* If this is an array, compute its size. */ 718 if (!numhunk) 719 numhunk = len / hunksize; 720 /* See if we got an exact number of hunks. */ 721 if (numhunk > 0 && numhunk * hunksize < len) 722 warning("%s: %d extra bytes at end of array", 723 dhcp_options[code].name, len - numhunk * hunksize); 724 725 /* A one-hunk array prints the same as a single hunk. */ 726 if (numhunk < 0) 727 numhunk = 1; 728 729 /* Cycle through the array (or hunk) printing the data. */ 730 for (i = 0; i < numhunk; i++) { 731 for (j = 0; j < numelem; j++) { 732 int opcount; 733 switch (fmtbuf[j]) { 734 case 't': 735 if (emit_quotes) { 736 *op++ = '"'; 737 opleft--; 738 } 739 for (; dp < data + len; dp++) { 740 if (!isascii(*dp) || 741 !isprint(*dp)) { 742 if (dp + 1 != data + len || 743 *dp != 0) { 744 snprintf(op, opleft, 745 "\\%03o", *dp); 746 op += 4; 747 opleft -= 4; 748 } 749 } else if (*dp == '"' || 750 *dp == '\'' || 751 *dp == '$' || 752 *dp == '`' || 753 *dp == '\\') { 754 *op++ = '\\'; 755 *op++ = *dp; 756 opleft -= 2; 757 } else { 758 *op++ = *dp; 759 opleft--; 760 } 761 } 762 if (emit_quotes) { 763 *op++ = '"'; 764 opleft--; 765 } 766 767 *op = 0; 768 break; 769 case 'I': 770 foo.s_addr = htonl(getULong(dp)); 771 opcount = strlcpy(op, inet_ntoa(foo), opleft); 772 if (opcount >= opleft) 773 goto toobig; 774 opleft -= opcount; 775 dp += 4; 776 break; 777 case 'l': 778 opcount = snprintf(op, opleft, "%ld", 779 (long)getLong(dp)); 780 if (opcount >= opleft || opcount == -1) 781 goto toobig; 782 opleft -= opcount; 783 dp += 4; 784 break; 785 case 'L': 786 opcount = snprintf(op, opleft, "%ld", 787 (unsigned long)getULong(dp)); 788 if (opcount >= opleft || opcount == -1) 789 goto toobig; 790 opleft -= opcount; 791 dp += 4; 792 break; 793 case 's': 794 opcount = snprintf(op, opleft, "%d", 795 getShort(dp)); 796 if (opcount >= opleft || opcount == -1) 797 goto toobig; 798 opleft -= opcount; 799 dp += 2; 800 break; 801 case 'S': 802 opcount = snprintf(op, opleft, "%d", 803 getUShort(dp)); 804 if (opcount >= opleft || opcount == -1) 805 goto toobig; 806 opleft -= opcount; 807 dp += 2; 808 break; 809 case 'b': 810 opcount = snprintf(op, opleft, "%d", 811 *(char *)dp++); 812 if (opcount >= opleft || opcount == -1) 813 goto toobig; 814 opleft -= opcount; 815 break; 816 case 'B': 817 opcount = snprintf(op, opleft, "%d", *dp++); 818 if (opcount >= opleft || opcount == -1) 819 goto toobig; 820 opleft -= opcount; 821 break; 822 case 'x': 823 opcount = snprintf(op, opleft, "%x", *dp++); 824 if (opcount >= opleft || opcount == -1) 825 goto toobig; 826 opleft -= opcount; 827 break; 828 case 'f': 829 opcount = strlcpy(op, 830 *dp++ ? "true" : "false", opleft); 831 if (opcount >= opleft) 832 goto toobig; 833 opleft -= opcount; 834 break; 835 default: 836 warning("Unexpected format code %c", fmtbuf[j]); 837 } 838 op += strlen(op); 839 opleft -= strlen(op); 840 if (opleft < 1) 841 goto toobig; 842 if (j + 1 < numelem && comma != ':') { 843 *op++ = ' '; 844 opleft--; 845 } 846 } 847 if (i + 1 < numhunk) { 848 *op++ = comma; 849 opleft--; 850 } 851 if (opleft < 1) 852 goto toobig; 853 854 } 855 return (optbuf); 856 toobig: 857 warning("dhcp option too large"); 858 return ("<error>"); 859} 860 861void 862do_packet(struct interface_info *interface, struct dhcp_packet *packet, 863 int len, unsigned int from_port, struct iaddr from, struct hardware *hfrom) 864{ 865 struct packet tp; 866 int i; 867 868 if (packet->hlen > sizeof(packet->chaddr)) { 869 note("Discarding packet with invalid hlen."); 870 return; 871 } 872 873 memset(&tp, 0, sizeof(tp)); 874 tp.raw = packet; 875 tp.packet_length = len; 876 tp.client_port = from_port; 877 tp.client_addr = from; 878 tp.interface = interface; 879 tp.haddr = hfrom; 880 881 parse_options(&tp); 882 if (tp.options_valid && 883 tp.options[DHO_DHCP_MESSAGE_TYPE].data) 884 tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0]; 885 if (tp.packet_type) 886 dhcp(&tp); 887 else 888 bootp(&tp); 889 890 /* Free the data associated with the options. */ 891 for (i = 0; i < 256; i++) 892 if (tp.options[i].len && tp.options[i].data) 893 free(tp.options[i].data); 894} 895