1 /* $OpenBSD: options.c,v 1.15 2004/12/26 03:17:07 deraadt Exp $ */
2
3 /* DHCP options parsing and reassembly. */
4
5 /*-
6 * SPDX-License-Identifier: BSD-3-Clause
7 *
8 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 *
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of The Internet Software Consortium nor the names
21 * of its contributors may be used to endorse or promote products derived
22 * from this software without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
25 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
26 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
29 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
32 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
33 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
34 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
35 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * This software has been written for the Internet Software Consortium
39 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
40 * Enterprises. To learn more about the Internet Software Consortium,
41 * see ``http://www.vix.com/isc''. To learn more about Vixie
42 * Enterprises, see ``http://www.vix.com''.
43 */
44
45 #include <sys/cdefs.h>
46 #include <ctype.h>
47
48 #define DHCP_OPTION_DATA
49 #include "dhcpd.h"
50
51 static int bad_options = 0;
52 static int bad_options_max = 5;
53
54 void parse_options(struct packet *);
55 void parse_option_buffer(struct packet *, unsigned char *, int);
56 unsigned store_options(unsigned char *, int, struct tree_cache **,
57 unsigned char *, int, int, int, int);
58 void expand_domain_search(struct packet *packet);
59 int find_search_domain_name_len(struct option_data *option, size_t *offset);
60 void expand_search_domain_name(struct option_data *option, size_t *offset,
61 unsigned char **domain_search);
62
63
64 /*
65 * Parse all available options out of the specified packet.
66 */
67 void
parse_options(struct packet * packet)68 parse_options(struct packet *packet)
69 {
70 /* Initially, zero all option pointers. */
71 memset(packet->options, 0, sizeof(packet->options));
72
73 /* If we don't see the magic cookie, there's nothing to parse. */
74 if (memcmp(packet->raw->options, DHCP_OPTIONS_COOKIE, 4)) {
75 packet->options_valid = 0;
76 return;
77 }
78
79 /*
80 * Go through the options field, up to the end of the packet or
81 * the End field.
82 */
83 parse_option_buffer(packet, &packet->raw->options[4],
84 packet->packet_length - DHCP_FIXED_NON_UDP - 4);
85
86 /*
87 * If we parsed a DHCP Option Overload option, parse more
88 * options out of the buffer(s) containing them.
89 */
90 if (packet->options_valid &&
91 packet->options[DHO_DHCP_OPTION_OVERLOAD].data) {
92 if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
93 parse_option_buffer(packet,
94 (unsigned char *)packet->raw->file,
95 sizeof(packet->raw->file));
96 if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
97 parse_option_buffer(packet,
98 (unsigned char *)packet->raw->sname,
99 sizeof(packet->raw->sname));
100 }
101
102 /* Expand DHCP Domain Search option. */
103 if (packet->options_valid) {
104 expand_domain_search(packet);
105 }
106 }
107
108 /*
109 * Parse options out of the specified buffer, storing addresses of
110 * option values in packet->options and setting packet->options_valid if
111 * no errors are encountered.
112 */
113 void
parse_option_buffer(struct packet * packet,unsigned char * buffer,int length)114 parse_option_buffer(struct packet *packet,
115 unsigned char *buffer, int length)
116 {
117 unsigned char *s, *t, *end = buffer + length;
118 int len, code;
119
120 for (s = buffer; *s != DHO_END && s < end; ) {
121 code = s[0];
122
123 /* Pad options don't have a length - just skip them. */
124 if (code == DHO_PAD) {
125 s++;
126 continue;
127 }
128 if (s + 2 > end) {
129 len = 65536;
130 goto bogus;
131 }
132
133 /*
134 * All other fields (except end, see above) have a
135 * one-byte length.
136 */
137 len = s[1];
138
139 /*
140 * If the length is outrageous, silently skip the rest,
141 * and mark the packet bad. Unfortunately some crappy
142 * dhcp servers always seem to give us garbage on the
143 * end of a packet. so rather than keep refusing, give
144 * up and try to take one after seeing a few without
145 * anything good.
146 */
147 if (s + len + 2 > end) {
148 bogus:
149 bad_options++;
150 warning("option %s (%d) %s.",
151 dhcp_options[code].name, len,
152 "larger than buffer");
153 if (bad_options == bad_options_max) {
154 packet->options_valid = 1;
155 bad_options = 0;
156 warning("Many bogus options seen in offers. "
157 "Taking this offer in spite of bogus "
158 "options - hope for the best!");
159 } else {
160 warning("rejecting bogus offer.");
161 packet->options_valid = 0;
162 }
163 return;
164 }
165 /*
166 * If we haven't seen this option before, just make
167 * space for it and copy it there.
168 */
169 if (!packet->options[code].data) {
170 if (!(t = calloc(1, len + 1)))
171 error("Can't allocate storage for option %s.",
172 dhcp_options[code].name);
173 /*
174 * Copy and NUL-terminate the option (in case
175 * it's an ASCII string.
176 */
177 memcpy(t, &s[2], len);
178 t[len] = 0;
179 packet->options[code].len = len;
180 packet->options[code].data = t;
181 } else {
182 /*
183 * If it's a repeat, concatenate it to whatever
184 * we last saw. This is really only required
185 * for clients, but what the heck...
186 */
187 t = calloc(1, len + packet->options[code].len + 1);
188 if (!t)
189 error("Can't expand storage for option %s.",
190 dhcp_options[code].name);
191 memcpy(t, packet->options[code].data,
192 packet->options[code].len);
193 memcpy(t + packet->options[code].len,
194 &s[2], len);
195 packet->options[code].len += len;
196 t[packet->options[code].len] = 0;
197 free(packet->options[code].data);
198 packet->options[code].data = t;
199 }
200 s += len + 2;
201 }
202 packet->options_valid = 1;
203 }
204
205 /*
206 * Expand DHCP Domain Search option. The value of this option is
207 * encoded like DNS' list of labels. See:
208 * RFC 3397
209 * RFC 1035
210 */
211 void
expand_domain_search(struct packet * packet)212 expand_domain_search(struct packet *packet)
213 {
214 size_t offset;
215 int expanded_len, next_domain_len;
216 struct option_data *option;
217 unsigned char *domain_search, *cursor;
218
219 if (packet->options[DHO_DOMAIN_SEARCH].data == NULL)
220 return;
221
222 option = &packet->options[DHO_DOMAIN_SEARCH];
223
224 /* Compute final expanded length. */
225 expanded_len = 0;
226 offset = 0;
227 while (offset < option->len) {
228 next_domain_len = find_search_domain_name_len(option, &offset);
229 if (next_domain_len < 0)
230 /* The Domain Search option value is invalid. */
231 return;
232
233 /* We add 1 for the space between domain names. */
234 expanded_len += next_domain_len + 1;
235 }
236 if (expanded_len > 0)
237 /* Remove 1 for the superfluous trailing space. */
238 --expanded_len;
239
240 domain_search = malloc(expanded_len + 1);
241 if (domain_search == NULL)
242 error("Can't allocate storage for expanded domain-search\n");
243
244 offset = 0;
245 cursor = domain_search;
246 while (offset < option->len) {
247 expand_search_domain_name(option, &offset, &cursor);
248 cursor[0] = ' ';
249 cursor++;
250 }
251 domain_search[expanded_len] = '\0';
252
253 free(option->data);
254 option->len = expanded_len;
255 option->data = domain_search;
256 }
257
258 int
find_search_domain_name_len(struct option_data * option,size_t * offset)259 find_search_domain_name_len(struct option_data *option, size_t *offset)
260 {
261 int domain_name_len, label_len, pointed_len;
262 size_t i, pointer;
263
264 domain_name_len = 0;
265
266 i = *offset;
267 while (i < option->len) {
268 label_len = option->data[i];
269 if (label_len == 0) {
270 /*
271 * A zero-length label marks the end of this
272 * domain name.
273 */
274 *offset = i + 1;
275 return (domain_name_len);
276 } else if (label_len & 0xC0) {
277 /* This is a pointer to another list of labels. */
278 if (i + 1 >= option->len) {
279 /* The pointer is truncated. */
280 warning("Truncated pointer in DHCP Domain "
281 "Search option.");
282 return (-1);
283 }
284
285 pointer = ((label_len & ~(0xC0)) << 8) +
286 option->data[i + 1];
287 if (pointer >= *offset) {
288 /*
289 * The pointer must indicate a prior
290 * occurrence.
291 */
292 warning("Invalid forward pointer in DHCP "
293 "Domain Search option compression.");
294 return (-1);
295 }
296
297 pointed_len = find_search_domain_name_len(option,
298 &pointer);
299 if (pointed_len < 0)
300 return (-1);
301 domain_name_len += pointed_len;
302
303 *offset = i + 2;
304 return (domain_name_len);
305 }
306
307 if (i + label_len >= option->len) {
308 warning("Truncated label in DHCP Domain Search "
309 "option.");
310 return (-1);
311 }
312
313 /*
314 * Update the domain name length with the length of the
315 * current label, plus a trailing dot ('.').
316 */
317 domain_name_len += label_len + 1;
318
319 /* Move cursor. */
320 i += label_len + 1;
321 }
322
323 warning("Truncated DHCP Domain Search option.");
324
325 return (-1);
326 }
327
328 void
expand_search_domain_name(struct option_data * option,size_t * offset,unsigned char ** domain_search)329 expand_search_domain_name(struct option_data *option, size_t *offset,
330 unsigned char **domain_search)
331 {
332 int label_len;
333 size_t i, pointer;
334 unsigned char *cursor;
335
336 /*
337 * This is the same loop than the function above
338 * (find_search_domain_name_len). Therefore, we remove checks,
339 * they're already done. Here, we just make the copy.
340 */
341 i = *offset;
342 cursor = *domain_search;
343 while (i < option->len) {
344 label_len = option->data[i];
345 if (label_len == 0) {
346 /*
347 * A zero-length label marks the end of this
348 * domain name.
349 */
350 *offset = i + 1;
351 *domain_search = cursor;
352 return;
353 } else if (label_len & 0xC0) {
354 /* This is a pointer to another list of labels. */
355 pointer = ((label_len & ~(0xC0)) << 8) +
356 option->data[i + 1];
357
358 expand_search_domain_name(option, &pointer, &cursor);
359
360 *offset = i + 2;
361 *domain_search = cursor;
362 return;
363 }
364
365 /* Copy the label found. */
366 memcpy(cursor, option->data + i + 1, label_len);
367 cursor[label_len] = '.';
368
369 /* Move cursor. */
370 i += label_len + 1;
371 cursor += label_len + 1;
372 }
373 }
374
375 /*
376 * cons options into a big buffer, and then split them out into the
377 * three separate buffers if needed. This allows us to cons up a set of
378 * vendor options using the same routine.
379 */
380 int
cons_options(struct packet * inpacket,struct dhcp_packet * outpacket,int mms,struct tree_cache ** options,int overload,int terminate,int bootpp,u_int8_t * prl,int prl_len)381 cons_options(struct packet *inpacket, struct dhcp_packet *outpacket,
382 int mms, struct tree_cache **options,
383 int overload, /* Overload flags that may be set. */
384 int terminate, int bootpp, u_int8_t *prl, int prl_len)
385 {
386 unsigned char priority_list[300], buffer[4096];
387 unsigned priority_len;
388 size_t main_buffer_size;
389 unsigned option_size, bufix, mainbufix;
390 int length;
391
392 /*
393 * If the client has provided a maximum DHCP message size, use
394 * that; otherwise, if it's BOOTP, only 64 bytes; otherwise use
395 * up to the minimum IP MTU size (576 bytes).
396 *
397 * XXX if a BOOTP client specifies a max message size, we will
398 * honor it.
399 */
400 if (!mms &&
401 inpacket &&
402 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data &&
403 (inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].len >=
404 sizeof(u_int16_t)))
405 mms = getUShort(
406 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data);
407
408 if (mms)
409 main_buffer_size = mms - DHCP_FIXED_LEN;
410 else if (bootpp)
411 main_buffer_size = 64;
412 else
413 main_buffer_size = 576 - DHCP_FIXED_LEN;
414
415 if (main_buffer_size > sizeof(buffer))
416 main_buffer_size = sizeof(buffer);
417
418 /* Preload the option priority list with mandatory options. */
419 priority_len = 0;
420 priority_list[priority_len++] = DHO_DHCP_MESSAGE_TYPE;
421 priority_list[priority_len++] = DHO_DHCP_SERVER_IDENTIFIER;
422 priority_list[priority_len++] = DHO_DHCP_LEASE_TIME;
423 priority_list[priority_len++] = DHO_DHCP_MESSAGE;
424
425 /*
426 * If the client has provided a list of options that it wishes
427 * returned, use it to prioritize. Otherwise, prioritize based
428 * on the default priority list.
429 */
430 if (inpacket &&
431 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data) {
432 unsigned prlen =
433 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].len;
434 if (prlen + priority_len > sizeof(priority_list))
435 prlen = sizeof(priority_list) - priority_len;
436
437 memcpy(&priority_list[priority_len],
438 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data,
439 prlen);
440 priority_len += prlen;
441 prl = priority_list;
442 } else if (prl) {
443 if (prl_len + priority_len > sizeof(priority_list))
444 prl_len = sizeof(priority_list) - priority_len;
445
446 memcpy(&priority_list[priority_len], prl, prl_len);
447 priority_len += prl_len;
448 prl = priority_list;
449 } else {
450 memcpy(&priority_list[priority_len],
451 dhcp_option_default_priority_list,
452 sizeof_dhcp_option_default_priority_list);
453 priority_len += sizeof_dhcp_option_default_priority_list;
454 }
455
456 /* Copy the options into the big buffer... */
457 option_size = store_options(
458 buffer,
459 (main_buffer_size - 7 + ((overload & 1) ? DHCP_FILE_LEN : 0) +
460 ((overload & 2) ? DHCP_SNAME_LEN : 0)),
461 options, priority_list, priority_len, main_buffer_size,
462 (main_buffer_size + ((overload & 1) ? DHCP_FILE_LEN : 0)),
463 terminate);
464
465 /* Put the cookie up front... */
466 memcpy(outpacket->options, DHCP_OPTIONS_COOKIE, 4);
467 mainbufix = 4;
468
469 /*
470 * If we're going to have to overload, store the overload option
471 * at the beginning. If we can, though, just store the whole
472 * thing in the packet's option buffer and leave it at that.
473 */
474 if (option_size <= main_buffer_size - mainbufix) {
475 memcpy(&outpacket->options[mainbufix],
476 buffer, option_size);
477 mainbufix += option_size;
478 if (mainbufix < main_buffer_size)
479 outpacket->options[mainbufix++] = DHO_END;
480 length = DHCP_FIXED_NON_UDP + mainbufix;
481 } else {
482 outpacket->options[mainbufix++] = DHO_DHCP_OPTION_OVERLOAD;
483 outpacket->options[mainbufix++] = 1;
484 if (option_size >
485 main_buffer_size - mainbufix + DHCP_FILE_LEN)
486 outpacket->options[mainbufix++] = 3;
487 else
488 outpacket->options[mainbufix++] = 1;
489
490 memcpy(&outpacket->options[mainbufix],
491 buffer, main_buffer_size - mainbufix);
492 bufix = main_buffer_size - mainbufix;
493 length = DHCP_FIXED_NON_UDP + mainbufix;
494 if (overload & 1) {
495 if (option_size - bufix <= DHCP_FILE_LEN) {
496 memcpy(outpacket->file,
497 &buffer[bufix], option_size - bufix);
498 mainbufix = option_size - bufix;
499 if (mainbufix < DHCP_FILE_LEN)
500 outpacket->file[mainbufix++] = (char)DHO_END;
501 while (mainbufix < DHCP_FILE_LEN)
502 outpacket->file[mainbufix++] = (char)DHO_PAD;
503 } else {
504 memcpy(outpacket->file,
505 &buffer[bufix], DHCP_FILE_LEN);
506 bufix += DHCP_FILE_LEN;
507 }
508 }
509 if ((overload & 2) && option_size < bufix) {
510 memcpy(outpacket->sname,
511 &buffer[bufix], option_size - bufix);
512
513 mainbufix = option_size - bufix;
514 if (mainbufix < DHCP_SNAME_LEN)
515 outpacket->file[mainbufix++] = (char)DHO_END;
516 while (mainbufix < DHCP_SNAME_LEN)
517 outpacket->file[mainbufix++] = (char)DHO_PAD;
518 }
519 }
520 return (length);
521 }
522
523 /*
524 * Store all the requested options into the requested buffer.
525 */
526 unsigned
store_options(unsigned char * buffer,int buflen,struct tree_cache ** options,unsigned char * priority_list,int priority_len,int first_cutoff,int second_cutoff,int terminate)527 store_options(unsigned char *buffer, int buflen, struct tree_cache **options,
528 unsigned char *priority_list, int priority_len, int first_cutoff,
529 int second_cutoff, int terminate)
530 {
531 int bufix = 0, option_stored[256], i, ix, tto;
532
533 /* Zero out the stored-lengths array. */
534 memset(option_stored, 0, sizeof(option_stored));
535
536 /*
537 * Copy out the options in the order that they appear in the
538 * priority list...
539 */
540 for (i = 0; i < priority_len; i++) {
541 /* Code for next option to try to store. */
542 int code = priority_list[i];
543 int optstart;
544
545 /*
546 * Number of bytes left to store (some may already have
547 * been stored by a previous pass).
548 */
549 int length;
550
551 /* If no data is available for this option, skip it. */
552 if (!options[code]) {
553 continue;
554 }
555
556 /*
557 * The client could ask for things that are mandatory,
558 * in which case we should avoid storing them twice...
559 */
560 if (option_stored[code])
561 continue;
562 option_stored[code] = 1;
563
564 /* We should now have a constant length for the option. */
565 length = options[code]->len;
566
567 /* Do we add a NUL? */
568 if (terminate && dhcp_options[code].format[0] == 't') {
569 length++;
570 tto = 1;
571 } else
572 tto = 0;
573
574 /* Try to store the option. */
575
576 /*
577 * If the option's length is more than 255, we must
578 * store it in multiple hunks. Store 255-byte hunks
579 * first. However, in any case, if the option data will
580 * cross a buffer boundary, split it across that
581 * boundary.
582 */
583 ix = 0;
584
585 optstart = bufix;
586 while (length) {
587 unsigned char incr = length > 255 ? 255 : length;
588
589 /*
590 * If this hunk of the buffer will cross a
591 * boundary, only go up to the boundary in this
592 * pass.
593 */
594 if (bufix < first_cutoff &&
595 bufix + incr > first_cutoff)
596 incr = first_cutoff - bufix;
597 else if (bufix < second_cutoff &&
598 bufix + incr > second_cutoff)
599 incr = second_cutoff - bufix;
600
601 /*
602 * If this option is going to overflow the
603 * buffer, skip it.
604 */
605 if (bufix + 2 + incr > buflen) {
606 bufix = optstart;
607 break;
608 }
609
610 /* Everything looks good - copy it in! */
611 buffer[bufix] = code;
612 buffer[bufix + 1] = incr;
613 if (tto && incr == length) {
614 memcpy(buffer + bufix + 2,
615 options[code]->value + ix, incr - 1);
616 buffer[bufix + 2 + incr - 1] = 0;
617 } else
618 memcpy(buffer + bufix + 2,
619 options[code]->value + ix, incr);
620 length -= incr;
621 ix += incr;
622 bufix += 2 + incr;
623 }
624 }
625 return (bufix);
626 }
627
628 /*
629 * Format the specified option so that a human can easily read it.
630 */
631 const char *
pretty_print_option(unsigned int code,unsigned char * data,int len,int emit_commas,int emit_quotes)632 pretty_print_option(unsigned int code, unsigned char *data, int len,
633 int emit_commas, int emit_quotes)
634 {
635 static char optbuf[32768]; /* XXX */
636 int hunksize = 0, numhunk = -1, numelem = 0;
637 char fmtbuf[32], *op = optbuf;
638 int i, j, k, opleft = sizeof(optbuf);
639 unsigned char *dp = data;
640 struct in_addr foo;
641 char comma;
642
643 /* Code should be between 0 and 255. */
644 if (code > 255)
645 error("pretty_print_option: bad code %d", code);
646
647 if (emit_commas)
648 comma = ',';
649 else
650 comma = ' ';
651
652 /* Figure out the size of the data. */
653 for (i = 0; dhcp_options[code].format[i]; i++) {
654 if (!numhunk) {
655 warning("%s: Excess information in format string: %s",
656 dhcp_options[code].name,
657 &(dhcp_options[code].format[i]));
658 break;
659 }
660 numelem++;
661 fmtbuf[i] = dhcp_options[code].format[i];
662 switch (dhcp_options[code].format[i]) {
663 case 'A':
664 --numelem;
665 fmtbuf[i] = 0;
666 numhunk = 0;
667 break;
668 case 'X':
669 for (k = 0; k < len; k++)
670 if (!isascii(data[k]) ||
671 !isprint(data[k]))
672 break;
673 if (k == len) {
674 fmtbuf[i] = 't';
675 numhunk = -2;
676 } else {
677 fmtbuf[i] = 'x';
678 hunksize++;
679 comma = ':';
680 numhunk = 0;
681 }
682 fmtbuf[i + 1] = 0;
683 break;
684 case 't':
685 fmtbuf[i] = 't';
686 fmtbuf[i + 1] = 0;
687 numhunk = -2;
688 break;
689 case 'I':
690 case 'l':
691 case 'L':
692 hunksize += 4;
693 break;
694 case 's':
695 case 'S':
696 hunksize += 2;
697 break;
698 case 'b':
699 case 'B':
700 case 'f':
701 hunksize++;
702 break;
703 case 'e':
704 break;
705 default:
706 warning("%s: garbage in format string: %s",
707 dhcp_options[code].name,
708 &(dhcp_options[code].format[i]));
709 break;
710 }
711 }
712
713 /* Check for too few bytes... */
714 if (hunksize > len) {
715 warning("%s: expecting at least %d bytes; got %d",
716 dhcp_options[code].name, hunksize, len);
717 return ("<error>");
718 }
719 /* Check for too many bytes... */
720 if (numhunk == -1 && hunksize < len)
721 warning("%s: %d extra bytes",
722 dhcp_options[code].name, len - hunksize);
723
724 /* If this is an array, compute its size. */
725 if (!numhunk)
726 numhunk = len / hunksize;
727 /* See if we got an exact number of hunks. */
728 if (numhunk > 0 && numhunk * hunksize < len)
729 warning("%s: %d extra bytes at end of array",
730 dhcp_options[code].name, len - numhunk * hunksize);
731
732 /* A one-hunk array prints the same as a single hunk. */
733 if (numhunk < 0)
734 numhunk = 1;
735
736 /* Cycle through the array (or hunk) printing the data. */
737 for (i = 0; i < numhunk; i++) {
738 for (j = 0; j < numelem; j++) {
739 int opcount;
740 switch (fmtbuf[j]) {
741 case 't':
742 if (emit_quotes) {
743 *op++ = '"';
744 opleft--;
745 }
746 for (; dp < data + len; dp++) {
747 if (!isascii(*dp) ||
748 !isprint(*dp)) {
749 if (dp + 1 != data + len ||
750 *dp != 0) {
751 snprintf(op, opleft,
752 "\\%03o", *dp);
753 op += 4;
754 opleft -= 4;
755 }
756 } else if (*dp == '"' ||
757 *dp == '\'' ||
758 *dp == '$' ||
759 *dp == '`' ||
760 *dp == '\\') {
761 *op++ = '\\';
762 *op++ = *dp;
763 opleft -= 2;
764 } else {
765 *op++ = *dp;
766 opleft--;
767 }
768 }
769 if (emit_quotes) {
770 *op++ = '"';
771 opleft--;
772 }
773
774 *op = 0;
775 break;
776 case 'I':
777 foo.s_addr = htonl(getULong(dp));
778 opcount = strlcpy(op, inet_ntoa(foo), opleft);
779 if (opcount >= opleft)
780 goto toobig;
781 opleft -= opcount;
782 dp += 4;
783 break;
784 case 'l':
785 opcount = snprintf(op, opleft, "%ld",
786 (long)getLong(dp));
787 if (opcount >= opleft || opcount == -1)
788 goto toobig;
789 opleft -= opcount;
790 dp += 4;
791 break;
792 case 'L':
793 opcount = snprintf(op, opleft, "%lu",
794 (unsigned long)getULong(dp));
795 if (opcount >= opleft || opcount == -1)
796 goto toobig;
797 opleft -= opcount;
798 dp += 4;
799 break;
800 case 's':
801 opcount = snprintf(op, opleft, "%d",
802 getShort(dp));
803 if (opcount >= opleft || opcount == -1)
804 goto toobig;
805 opleft -= opcount;
806 dp += 2;
807 break;
808 case 'S':
809 opcount = snprintf(op, opleft, "%u",
810 getUShort(dp));
811 if (opcount >= opleft || opcount == -1)
812 goto toobig;
813 opleft -= opcount;
814 dp += 2;
815 break;
816 case 'b':
817 opcount = snprintf(op, opleft, "%d",
818 *(char *)dp++);
819 if (opcount >= opleft || opcount == -1)
820 goto toobig;
821 opleft -= opcount;
822 break;
823 case 'B':
824 opcount = snprintf(op, opleft, "%d", *dp++);
825 if (opcount >= opleft || opcount == -1)
826 goto toobig;
827 opleft -= opcount;
828 break;
829 case 'x':
830 opcount = snprintf(op, opleft, "%x", *dp++);
831 if (opcount >= opleft || opcount == -1)
832 goto toobig;
833 opleft -= opcount;
834 break;
835 case 'f':
836 opcount = strlcpy(op,
837 *dp++ ? "true" : "false", opleft);
838 if (opcount >= opleft)
839 goto toobig;
840 opleft -= opcount;
841 break;
842 default:
843 warning("Unexpected format code %c", fmtbuf[j]);
844 }
845 op += strlen(op);
846 opleft -= strlen(op);
847 if (opleft < 1)
848 goto toobig;
849 if (j + 1 < numelem && comma != ':') {
850 *op++ = ' ';
851 opleft--;
852 }
853 }
854 if (i + 1 < numhunk) {
855 *op++ = comma;
856 opleft--;
857 }
858 if (opleft < 1)
859 goto toobig;
860
861 }
862 return (optbuf);
863 toobig:
864 warning("dhcp option too large");
865 return ("<error>");
866 }
867
868 void
do_packet(struct interface_info * interface,struct dhcp_packet * packet,int len,unsigned int from_port,struct iaddr from,struct hardware * hfrom)869 do_packet(struct interface_info *interface, struct dhcp_packet *packet,
870 int len, unsigned int from_port, struct iaddr from, struct hardware *hfrom)
871 {
872 struct packet tp;
873 int i;
874
875 if (packet->hlen > sizeof(packet->chaddr)) {
876 note("Discarding packet with invalid hlen.");
877 return;
878 }
879
880 memset(&tp, 0, sizeof(tp));
881 tp.raw = packet;
882 tp.packet_length = len;
883 tp.client_port = from_port;
884 tp.client_addr = from;
885 tp.interface = interface;
886 tp.haddr = hfrom;
887
888 parse_options(&tp);
889 if (tp.options_valid &&
890 tp.options[DHO_DHCP_MESSAGE_TYPE].data)
891 tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0];
892 if (tp.packet_type)
893 dhcp(&tp);
894 else
895 bootp(&tp);
896
897 /* Free the data associated with the options. */
898 for (i = 0; i < 256; i++)
899 free(tp.options[i].data);
900 }
901