From e3f13f0141df87bbb6ad5b950eb3f5cca0703f4d Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Sun, 14 Nov 2010 05:58:34 +0000 Subject: busybox: add 6RD prefix sanity checking as mandated by RFC5969, bump pkg revision SVN-Revision: 23990 --- package/busybox/Makefile | 2 +- .../patches/244-udhcpc_add_6rd_option.patch | 58 +++++++++++++--------- 2 files changed, 35 insertions(+), 25 deletions(-) (limited to 'package') diff --git a/package/busybox/Makefile b/package/busybox/Makefile index e3e51646c0..f7e64c097a 100644 --- a/package/busybox/Makefile +++ b/package/busybox/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=busybox PKG_VERSION:=1.17.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_FLAGS:=essential PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/package/busybox/patches/244-udhcpc_add_6rd_option.patch b/package/busybox/patches/244-udhcpc_add_6rd_option.patch index 25c5ebf6fe..3037708586 100644 --- a/package/busybox/patches/244-udhcpc_add_6rd_option.patch +++ b/package/busybox/patches/244-udhcpc_add_6rd_option.patch @@ -58,7 +58,7 @@ /* really simple implementation, just count the bits */ static int mton(uint32_t mask) { -@@ -177,6 +195,60 @@ static NOINLINE char *xmalloc_optname_op +@@ -177,6 +195,70 @@ static NOINLINE char *xmalloc_optname_op return ret; } @@ -85,33 +85,43 @@ + * We convert it to a string "IPv4MaskLen 6rdPrefixLen 6rdPrefix 6rdBRIPv4Address" + */ + -+ /* IPv4MaskLen */ -+ dest += sprintf(dest, "%u ", *option++); -+ len--; ++ /* Sanity check: ensure that our length is at least 22 bytes, that ++ * IPv4MaskLen is <= 32, 6rdPrefixLen <= 128 and that the sum of ++ * (32 - IPv4MaskLen) + 6rdPrefixLen is less than or equal to 128. ++ * If any of these requirements is not fulfilled, return with empty ++ * value. ++ */ ++ if ((len >= 22) && (*option <= 32) && (*(option+1) <= 128) && ++ (((32 - *option) + *(option+1)) <= 128)) ++ { ++ /* IPv4MaskLen */ ++ dest += sprintf(dest, "%u ", *option++); ++ len--; + -+ /* 6rdPrefixLen */ -+ dest += sprintf(dest, "%u ", *option++); -+ len--; ++ /* 6rdPrefixLen */ ++ dest += sprintf(dest, "%u ", *option++); ++ len--; + -+ /* 6rdPrefix */ -+ dest += sprint_nip6(dest, "", option); -+ option += 16; -+ len -= 16; ++ /* 6rdPrefix */ ++ dest += sprint_nip6(dest, "", option); ++ option += 16; ++ len -= 16; + -+ /* 6rdBRIPv4Addresses */ -+ while (len >= 4) -+ { -+ dest += sprint_nip(dest, " ", option); -+ option += 4; -+ len -= 4; ++ /* 6rdBRIPv4Addresses */ ++ while (len >= 4) ++ { ++ dest += sprint_nip(dest, " ", option); ++ option += 4; ++ len -= 4; + -+ /* the code to determine the option size fails to work with -+ * lengths that are not a multiple of the minimum length, -+ * adding all advertised 6rdBRIPv4Addresses here would -+ * overflow the destination buffer, therefore skip the rest -+ * for now -+ */ -+ break; ++ /* the code to determine the option size fails to work with ++ * lengths that are not a multiple of the minimum length, ++ * adding all advertised 6rdBRIPv4Addresses here would ++ * overflow the destination buffer, therefore skip the rest ++ * for now ++ */ ++ break; ++ } + } + + return ret; -- cgit v1.2.3