xref: /freebsd/sbin/dhclient/options.c (revision 25ecdc7d52770caf1c9b44b5ec11f468f6b636f3)
1 /*	$OpenBSD: options.c,v 1.15 2004/12/26 03:17:07 deraadt Exp $	*/
2 
3 /* DHCP options parsing and reassembly. */
4 
5 /*-
6  * SPDX-License-Identifier: BSD-3-Clause
7  *
8  * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  *
15  * 1. Redistributions of source code must retain the above copyright
16  *    notice, this list of conditions and the following disclaimer.
17  * 2. Redistributions in binary form must reproduce the above copyright
18  *    notice, this list of conditions and the following disclaimer in the
19  *    documentation and/or other materials provided with the distribution.
20  * 3. Neither the name of The Internet Software Consortium nor the names
21  *    of its contributors may be used to endorse or promote products derived
22  *    from this software without specific prior written permission.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
25  * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
26  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28  * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
29  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
32  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
33  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
34  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
35  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36  * SUCH DAMAGE.
37  *
38  * This software has been written for the Internet Software Consortium
39  * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
40  * Enterprises.  To learn more about the Internet Software Consortium,
41  * see ``http://www.vix.com/isc''.  To learn more about Vixie
42  * Enterprises, see ``http://www.vix.com''.
43  */
44 
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
47 
48 #include <ctype.h>
49 
50 #define DHCP_OPTION_DATA
51 #include "dhcpd.h"
52 
53 static int bad_options = 0;
54 static int bad_options_max = 5;
55 
56 void	parse_options(struct packet *);
57 void	parse_option_buffer(struct packet *, unsigned char *, int);
58 unsigned store_options(unsigned char *, int, struct tree_cache **,
59 	    unsigned char *, int, int, int, int);
60 void	expand_domain_search(struct packet *packet);
61 int	find_search_domain_name_len(struct option_data *option, size_t *offset);
62 void	expand_search_domain_name(struct option_data *option, size_t *offset,
63 	    unsigned char **domain_search);
64 
65 
66 /*
67  * Parse all available options out of the specified packet.
68  */
69 void
70 parse_options(struct packet *packet)
71 {
72 	/* Initially, zero all option pointers. */
73 	memset(packet->options, 0, sizeof(packet->options));
74 
75 	/* If we don't see the magic cookie, there's nothing to parse. */
76 	if (memcmp(packet->raw->options, DHCP_OPTIONS_COOKIE, 4)) {
77 		packet->options_valid = 0;
78 		return;
79 	}
80 
81 	/*
82 	 * Go through the options field, up to the end of the packet or
83 	 * the End field.
84 	 */
85 	parse_option_buffer(packet, &packet->raw->options[4],
86 	    packet->packet_length - DHCP_FIXED_NON_UDP - 4);
87 
88 	/*
89 	 * If we parsed a DHCP Option Overload option, parse more
90 	 * options out of the buffer(s) containing them.
91 	 */
92 	if (packet->options_valid &&
93 	    packet->options[DHO_DHCP_OPTION_OVERLOAD].data) {
94 		if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
95 			parse_option_buffer(packet,
96 			    (unsigned char *)packet->raw->file,
97 			    sizeof(packet->raw->file));
98 		if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
99 			parse_option_buffer(packet,
100 			    (unsigned char *)packet->raw->sname,
101 			    sizeof(packet->raw->sname));
102 	}
103 
104 	/* Expand DHCP Domain Search option. */
105 	if (packet->options_valid) {
106 		expand_domain_search(packet);
107 	}
108 }
109 
110 /*
111  * Parse options out of the specified buffer, storing addresses of
112  * option values in packet->options and setting packet->options_valid if
113  * no errors are encountered.
114  */
115 void
116 parse_option_buffer(struct packet *packet,
117     unsigned char *buffer, int length)
118 {
119 	unsigned char *s, *t, *end = buffer + length;
120 	int len, code;
121 
122 	for (s = buffer; *s != DHO_END && s < end; ) {
123 		code = s[0];
124 
125 		/* Pad options don't have a length - just skip them. */
126 		if (code == DHO_PAD) {
127 			s++;
128 			continue;
129 		}
130 		if (s + 2 > end) {
131 			len = 65536;
132 			goto bogus;
133 		}
134 
135 		/*
136 		 * All other fields (except end, see above) have a
137 		 * one-byte length.
138 		 */
139 		len = s[1];
140 
141 		/*
142 		 * If the length is outrageous, silently skip the rest,
143 		 * and mark the packet bad. Unfortunately some crappy
144 		 * dhcp servers always seem to give us garbage on the
145 		 * end of a packet. so rather than keep refusing, give
146 		 * up and try to take one after seeing a few without
147 		 * anything good.
148 		 */
149 		if (s + len + 2 > end) {
150 		    bogus:
151 			bad_options++;
152 			warning("option %s (%d) %s.",
153 			    dhcp_options[code].name, len,
154 			    "larger than buffer");
155 			if (bad_options == bad_options_max) {
156 				packet->options_valid = 1;
157 				bad_options = 0;
158 				warning("Many bogus options seen in offers. "
159 				    "Taking this offer in spite of bogus "
160 				    "options - hope for the best!");
161 			} else {
162 				warning("rejecting bogus offer.");
163 				packet->options_valid = 0;
164 			}
165 			return;
166 		}
167 		/*
168 		 * If we haven't seen this option before, just make
169 		 * space for it and copy it there.
170 		 */
171 		if (!packet->options[code].data) {
172 			if (!(t = calloc(1, len + 1)))
173 				error("Can't allocate storage for option %s.",
174 				    dhcp_options[code].name);
175 			/*
176 			 * Copy and NUL-terminate the option (in case
177 			 * it's an ASCII string.
178 			 */
179 			memcpy(t, &s[2], len);
180 			t[len] = 0;
181 			packet->options[code].len = len;
182 			packet->options[code].data = t;
183 		} else {
184 			/*
185 			 * If it's a repeat, concatenate it to whatever
186 			 * we last saw.   This is really only required
187 			 * for clients, but what the heck...
188 			 */
189 			t = calloc(1, len + packet->options[code].len + 1);
190 			if (!t)
191 				error("Can't expand storage for option %s.",
192 				    dhcp_options[code].name);
193 			memcpy(t, packet->options[code].data,
194 				packet->options[code].len);
195 			memcpy(t + packet->options[code].len,
196 				&s[2], len);
197 			packet->options[code].len += len;
198 			t[packet->options[code].len] = 0;
199 			free(packet->options[code].data);
200 			packet->options[code].data = t;
201 		}
202 		s += len + 2;
203 	}
204 	packet->options_valid = 1;
205 }
206 
207 /*
208  * Expand DHCP Domain Search option. The value of this option is
209  * encoded like DNS' list of labels. See:
210  *   RFC 3397
211  *   RFC 1035
212  */
213 void
214 expand_domain_search(struct packet *packet)
215 {
216 	size_t offset;
217 	int expanded_len, next_domain_len;
218 	struct option_data *option;
219 	unsigned char *domain_search, *cursor;
220 
221 	if (packet->options[DHO_DOMAIN_SEARCH].data == NULL)
222 		return;
223 
224 	option = &packet->options[DHO_DOMAIN_SEARCH];
225 
226 	/* Compute final expanded length. */
227 	expanded_len = 0;
228 	offset = 0;
229 	while (offset < option->len) {
230 		next_domain_len = find_search_domain_name_len(option, &offset);
231 		if (next_domain_len < 0)
232 			/* The Domain Search option value is invalid. */
233 			return;
234 
235 		/* We add 1 for the space between domain names. */
236 		expanded_len += next_domain_len + 1;
237 	}
238 	if (expanded_len > 0)
239 		/* Remove 1 for the superfluous trailing space. */
240 		--expanded_len;
241 
242 	domain_search = malloc(expanded_len + 1);
243 	if (domain_search == NULL)
244 		error("Can't allocate storage for expanded domain-search\n");
245 
246 	offset = 0;
247 	cursor = domain_search;
248 	while (offset < option->len) {
249 		expand_search_domain_name(option, &offset, &cursor);
250 		cursor[0] = ' ';
251 		cursor++;
252 	}
253 	domain_search[expanded_len] = '\0';
254 
255 	free(option->data);
256 	option->len = expanded_len;
257 	option->data = domain_search;
258 }
259 
260 int
261 find_search_domain_name_len(struct option_data *option, size_t *offset)
262 {
263 	int domain_name_len, label_len, pointed_len;
264 	size_t i, pointer;
265 
266 	domain_name_len = 0;
267 
268 	i = *offset;
269 	while (i < option->len) {
270 		label_len = option->data[i];
271 		if (label_len == 0) {
272 			/*
273 			 * A zero-length label marks the end of this
274 			 * domain name.
275 			 */
276 			*offset = i + 1;
277 			return (domain_name_len);
278 		} else if (label_len & 0xC0) {
279 			/* This is a pointer to another list of labels. */
280 			if (i + 1 >= option->len) {
281 				/* The pointer is truncated. */
282 				warning("Truncated pointer in DHCP Domain "
283 				    "Search option.");
284 				return (-1);
285 			}
286 
287 			pointer = ((label_len & ~(0xC0)) << 8) +
288 			    option->data[i + 1];
289 			if (pointer >= *offset) {
290 				/*
291 				 * The pointer must indicate a prior
292 				 * occurrence.
293 				 */
294 				warning("Invalid forward pointer in DHCP "
295 				    "Domain Search option compression.");
296 				return (-1);
297 			}
298 
299 			pointed_len = find_search_domain_name_len(option,
300 			    &pointer);
301 			if (pointed_len < 0)
302 				return (-1);
303 			domain_name_len += pointed_len;
304 
305 			*offset = i + 2;
306 			return (domain_name_len);
307 		}
308 
309 		if (i + label_len >= option->len) {
310 			warning("Truncated label in DHCP Domain Search "
311 			    "option.");
312 			return (-1);
313 		}
314 
315 		/*
316 		 * Update the domain name length with the length of the
317 		 * current label, plus a trailing dot ('.').
318 		 */
319 		domain_name_len += label_len + 1;
320 
321 		/* Move cursor. */
322 		i += label_len + 1;
323 	}
324 
325 	warning("Truncated DHCP Domain Search option.");
326 
327 	return (-1);
328 }
329 
330 void
331 expand_search_domain_name(struct option_data *option, size_t *offset,
332     unsigned char **domain_search)
333 {
334 	int label_len;
335 	size_t i, pointer;
336 	unsigned char *cursor;
337 
338 	/*
339 	 * This is the same loop than the function above
340 	 * (find_search_domain_name_len). Therefore, we remove checks,
341 	 * they're already done. Here, we just make the copy.
342 	 */
343 	i = *offset;
344 	cursor = *domain_search;
345 	while (i < option->len) {
346 		label_len = option->data[i];
347 		if (label_len == 0) {
348 			/*
349 			 * A zero-length label marks the end of this
350 			 * domain name.
351 			 */
352 			*offset = i + 1;
353 			*domain_search = cursor;
354 			return;
355 		} else if (label_len & 0xC0) {
356 			/* This is a pointer to another list of labels. */
357 			pointer = ((label_len & ~(0xC0)) << 8) +
358 			    option->data[i + 1];
359 
360 			expand_search_domain_name(option, &pointer, &cursor);
361 
362 			*offset = i + 2;
363 			*domain_search = cursor;
364 			return;
365 		}
366 
367 		/* Copy the label found. */
368 		memcpy(cursor, option->data + i + 1, label_len);
369 		cursor[label_len] = '.';
370 
371 		/* Move cursor. */
372 		i += label_len + 1;
373 		cursor += label_len + 1;
374 	}
375 }
376 
377 /*
378  * cons options into a big buffer, and then split them out into the
379  * three separate buffers if needed.  This allows us to cons up a set of
380  * vendor options using the same routine.
381  */
382 int
383 cons_options(struct packet *inpacket, struct dhcp_packet *outpacket,
384     int mms, struct tree_cache **options,
385     int overload, /* Overload flags that may be set. */
386     int terminate, int bootpp, u_int8_t *prl, int prl_len)
387 {
388 	unsigned char priority_list[300], buffer[4096];
389 	unsigned priority_len;
390 	size_t main_buffer_size;
391 	unsigned option_size, bufix, mainbufix;
392 	int length;
393 
394 	/*
395 	 * If the client has provided a maximum DHCP message size, use
396 	 * that; otherwise, if it's BOOTP, only 64 bytes; otherwise use
397 	 * up to the minimum IP MTU size (576 bytes).
398 	 *
399 	 * XXX if a BOOTP client specifies a max message size, we will
400 	 * honor it.
401 	 */
402 	if (!mms &&
403 	    inpacket &&
404 	    inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data &&
405 	    (inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].len >=
406 	    sizeof(u_int16_t)))
407 		mms = getUShort(
408 		    inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data);
409 
410 	if (mms)
411 		main_buffer_size = mms - DHCP_FIXED_LEN;
412 	else if (bootpp)
413 		main_buffer_size = 64;
414 	else
415 		main_buffer_size = 576 - DHCP_FIXED_LEN;
416 
417 	if (main_buffer_size > sizeof(buffer))
418 		main_buffer_size = sizeof(buffer);
419 
420 	/* Preload the option priority list with mandatory options. */
421 	priority_len = 0;
422 	priority_list[priority_len++] = DHO_DHCP_MESSAGE_TYPE;
423 	priority_list[priority_len++] = DHO_DHCP_SERVER_IDENTIFIER;
424 	priority_list[priority_len++] = DHO_DHCP_LEASE_TIME;
425 	priority_list[priority_len++] = DHO_DHCP_MESSAGE;
426 
427 	/*
428 	 * If the client has provided a list of options that it wishes
429 	 * returned, use it to prioritize.  Otherwise, prioritize based
430 	 * on the default priority list.
431 	 */
432 	if (inpacket &&
433 	    inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data) {
434 		unsigned prlen =
435 		    inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].len;
436 		if (prlen + priority_len > sizeof(priority_list))
437 			prlen = sizeof(priority_list) - priority_len;
438 
439 		memcpy(&priority_list[priority_len],
440 		    inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data,
441 		    prlen);
442 		priority_len += prlen;
443 		prl = priority_list;
444 	} else if (prl) {
445 		if (prl_len + priority_len > sizeof(priority_list))
446 			prl_len = sizeof(priority_list) - priority_len;
447 
448 		memcpy(&priority_list[priority_len], prl, prl_len);
449 		priority_len += prl_len;
450 		prl = priority_list;
451 	} else {
452 		memcpy(&priority_list[priority_len],
453 		    dhcp_option_default_priority_list,
454 		    sizeof_dhcp_option_default_priority_list);
455 		priority_len += sizeof_dhcp_option_default_priority_list;
456 	}
457 
458 	/* Copy the options into the big buffer... */
459 	option_size = store_options(
460 	    buffer,
461 	    (main_buffer_size - 7 + ((overload & 1) ? DHCP_FILE_LEN : 0) +
462 		((overload & 2) ? DHCP_SNAME_LEN : 0)),
463 	    options, priority_list, priority_len, main_buffer_size,
464 	    (main_buffer_size + ((overload & 1) ? DHCP_FILE_LEN : 0)),
465 	    terminate);
466 
467 	/* Put the cookie up front... */
468 	memcpy(outpacket->options, DHCP_OPTIONS_COOKIE, 4);
469 	mainbufix = 4;
470 
471 	/*
472 	 * If we're going to have to overload, store the overload option
473 	 * at the beginning.  If we can, though, just store the whole
474 	 * thing in the packet's option buffer and leave it at that.
475 	 */
476 	if (option_size <= main_buffer_size - mainbufix) {
477 		memcpy(&outpacket->options[mainbufix],
478 		    buffer, option_size);
479 		mainbufix += option_size;
480 		if (mainbufix < main_buffer_size)
481 			outpacket->options[mainbufix++] = DHO_END;
482 		length = DHCP_FIXED_NON_UDP + mainbufix;
483 	} else {
484 		outpacket->options[mainbufix++] = DHO_DHCP_OPTION_OVERLOAD;
485 		outpacket->options[mainbufix++] = 1;
486 		if (option_size >
487 		    main_buffer_size - mainbufix + DHCP_FILE_LEN)
488 			outpacket->options[mainbufix++] = 3;
489 		else
490 			outpacket->options[mainbufix++] = 1;
491 
492 		memcpy(&outpacket->options[mainbufix],
493 		    buffer, main_buffer_size - mainbufix);
494 		bufix = main_buffer_size - mainbufix;
495 		length = DHCP_FIXED_NON_UDP + mainbufix;
496 		if (overload & 1) {
497 			if (option_size - bufix <= DHCP_FILE_LEN) {
498 				memcpy(outpacket->file,
499 				    &buffer[bufix], option_size - bufix);
500 				mainbufix = option_size - bufix;
501 				if (mainbufix < DHCP_FILE_LEN)
502 					outpacket->file[mainbufix++] = (char)DHO_END;
503 				while (mainbufix < DHCP_FILE_LEN)
504 					outpacket->file[mainbufix++] = (char)DHO_PAD;
505 			} else {
506 				memcpy(outpacket->file,
507 				    &buffer[bufix], DHCP_FILE_LEN);
508 				bufix += DHCP_FILE_LEN;
509 			}
510 		}
511 		if ((overload & 2) && option_size < bufix) {
512 			memcpy(outpacket->sname,
513 			    &buffer[bufix], option_size - bufix);
514 
515 			mainbufix = option_size - bufix;
516 			if (mainbufix < DHCP_SNAME_LEN)
517 				outpacket->file[mainbufix++] = (char)DHO_END;
518 			while (mainbufix < DHCP_SNAME_LEN)
519 				outpacket->file[mainbufix++] = (char)DHO_PAD;
520 		}
521 	}
522 	return (length);
523 }
524 
525 /*
526  * Store all the requested options into the requested buffer.
527  */
528 unsigned
529 store_options(unsigned char *buffer, int buflen, struct tree_cache **options,
530     unsigned char *priority_list, int priority_len, int first_cutoff,
531     int second_cutoff, int terminate)
532 {
533 	int bufix = 0, option_stored[256], i, ix, tto;
534 
535 	/* Zero out the stored-lengths array. */
536 	memset(option_stored, 0, sizeof(option_stored));
537 
538 	/*
539 	 * Copy out the options in the order that they appear in the
540 	 * priority list...
541 	 */
542 	for (i = 0; i < priority_len; i++) {
543 		/* Code for next option to try to store. */
544 		int code = priority_list[i];
545 		int optstart;
546 
547 		/*
548 		 * Number of bytes left to store (some may already have
549 		 * been stored by a previous pass).
550 		 */
551 		int length;
552 
553 		/* If no data is available for this option, skip it. */
554 		if (!options[code]) {
555 			continue;
556 		}
557 
558 		/*
559 		 * The client could ask for things that are mandatory,
560 		 * in which case we should avoid storing them twice...
561 		 */
562 		if (option_stored[code])
563 			continue;
564 		option_stored[code] = 1;
565 
566 		/* We should now have a constant length for the option. */
567 		length = options[code]->len;
568 
569 		/* Do we add a NUL? */
570 		if (terminate && dhcp_options[code].format[0] == 't') {
571 			length++;
572 			tto = 1;
573 		} else
574 			tto = 0;
575 
576 		/* Try to store the option. */
577 
578 		/*
579 		 * If the option's length is more than 255, we must
580 		 * store it in multiple hunks.   Store 255-byte hunks
581 		 * first.  However, in any case, if the option data will
582 		 * cross a buffer boundary, split it across that
583 		 * boundary.
584 		 */
585 		ix = 0;
586 
587 		optstart = bufix;
588 		while (length) {
589 			unsigned char incr = length > 255 ? 255 : length;
590 
591 			/*
592 			 * If this hunk of the buffer will cross a
593 			 * boundary, only go up to the boundary in this
594 			 * pass.
595 			 */
596 			if (bufix < first_cutoff &&
597 			    bufix + incr > first_cutoff)
598 				incr = first_cutoff - bufix;
599 			else if (bufix < second_cutoff &&
600 			    bufix + incr > second_cutoff)
601 				incr = second_cutoff - bufix;
602 
603 			/*
604 			 * If this option is going to overflow the
605 			 * buffer, skip it.
606 			 */
607 			if (bufix + 2 + incr > buflen) {
608 				bufix = optstart;
609 				break;
610 			}
611 
612 			/* Everything looks good - copy it in! */
613 			buffer[bufix] = code;
614 			buffer[bufix + 1] = incr;
615 			if (tto && incr == length) {
616 				memcpy(buffer + bufix + 2,
617 				    options[code]->value + ix, incr - 1);
618 				buffer[bufix + 2 + incr - 1] = 0;
619 			} else
620 				memcpy(buffer + bufix + 2,
621 				    options[code]->value + ix, incr);
622 			length -= incr;
623 			ix += incr;
624 			bufix += 2 + incr;
625 		}
626 	}
627 	return (bufix);
628 }
629 
630 /*
631  * Format the specified option so that a human can easily read it.
632  */
633 const char *
634 pretty_print_option(unsigned int code, unsigned char *data, int len,
635     int emit_commas, int emit_quotes)
636 {
637 	static char optbuf[32768]; /* XXX */
638 	int hunksize = 0, numhunk = -1, numelem = 0;
639 	char fmtbuf[32], *op = optbuf;
640 	int i, j, k, opleft = sizeof(optbuf);
641 	unsigned char *dp = data;
642 	struct in_addr foo;
643 	char comma;
644 
645 	/* Code should be between 0 and 255. */
646 	if (code > 255)
647 		error("pretty_print_option: bad code %d", code);
648 
649 	if (emit_commas)
650 		comma = ',';
651 	else
652 		comma = ' ';
653 
654 	/* Figure out the size of the data. */
655 	for (i = 0; dhcp_options[code].format[i]; i++) {
656 		if (!numhunk) {
657 			warning("%s: Excess information in format string: %s",
658 			    dhcp_options[code].name,
659 			    &(dhcp_options[code].format[i]));
660 			break;
661 		}
662 		numelem++;
663 		fmtbuf[i] = dhcp_options[code].format[i];
664 		switch (dhcp_options[code].format[i]) {
665 		case 'A':
666 			--numelem;
667 			fmtbuf[i] = 0;
668 			numhunk = 0;
669 			break;
670 		case 'X':
671 			for (k = 0; k < len; k++)
672 				if (!isascii(data[k]) ||
673 				    !isprint(data[k]))
674 					break;
675 			if (k == len) {
676 				fmtbuf[i] = 't';
677 				numhunk = -2;
678 			} else {
679 				fmtbuf[i] = 'x';
680 				hunksize++;
681 				comma = ':';
682 				numhunk = 0;
683 			}
684 			fmtbuf[i + 1] = 0;
685 			break;
686 		case 't':
687 			fmtbuf[i] = 't';
688 			fmtbuf[i + 1] = 0;
689 			numhunk = -2;
690 			break;
691 		case 'I':
692 		case 'l':
693 		case 'L':
694 			hunksize += 4;
695 			break;
696 		case 's':
697 		case 'S':
698 			hunksize += 2;
699 			break;
700 		case 'b':
701 		case 'B':
702 		case 'f':
703 			hunksize++;
704 			break;
705 		case 'e':
706 			break;
707 		default:
708 			warning("%s: garbage in format string: %s",
709 			    dhcp_options[code].name,
710 			    &(dhcp_options[code].format[i]));
711 			break;
712 		}
713 	}
714 
715 	/* Check for too few bytes... */
716 	if (hunksize > len) {
717 		warning("%s: expecting at least %d bytes; got %d",
718 		    dhcp_options[code].name, hunksize, len);
719 		return ("<error>");
720 	}
721 	/* Check for too many bytes... */
722 	if (numhunk == -1 && hunksize < len)
723 		warning("%s: %d extra bytes",
724 		    dhcp_options[code].name, len - hunksize);
725 
726 	/* If this is an array, compute its size. */
727 	if (!numhunk)
728 		numhunk = len / hunksize;
729 	/* See if we got an exact number of hunks. */
730 	if (numhunk > 0 && numhunk * hunksize < len)
731 		warning("%s: %d extra bytes at end of array",
732 		    dhcp_options[code].name, len - numhunk * hunksize);
733 
734 	/* A one-hunk array prints the same as a single hunk. */
735 	if (numhunk < 0)
736 		numhunk = 1;
737 
738 	/* Cycle through the array (or hunk) printing the data. */
739 	for (i = 0; i < numhunk; i++) {
740 		for (j = 0; j < numelem; j++) {
741 			int opcount;
742 			switch (fmtbuf[j]) {
743 			case 't':
744 				if (emit_quotes) {
745 					*op++ = '"';
746 					opleft--;
747 				}
748 				for (; dp < data + len; dp++) {
749 					if (!isascii(*dp) ||
750 					    !isprint(*dp)) {
751 						if (dp + 1 != data + len ||
752 						    *dp != 0) {
753 							snprintf(op, opleft,
754 							    "\\%03o", *dp);
755 							op += 4;
756 							opleft -= 4;
757 						}
758 					} else if (*dp == '"' ||
759 					    *dp == '\'' ||
760 					    *dp == '$' ||
761 					    *dp == '`' ||
762 					    *dp == '\\') {
763 						*op++ = '\\';
764 						*op++ = *dp;
765 						opleft -= 2;
766 					} else {
767 						*op++ = *dp;
768 						opleft--;
769 					}
770 				}
771 				if (emit_quotes) {
772 					*op++ = '"';
773 					opleft--;
774 				}
775 
776 				*op = 0;
777 				break;
778 			case 'I':
779 				foo.s_addr = htonl(getULong(dp));
780 				opcount = strlcpy(op, inet_ntoa(foo), opleft);
781 				if (opcount >= opleft)
782 					goto toobig;
783 				opleft -= opcount;
784 				dp += 4;
785 				break;
786 			case 'l':
787 				opcount = snprintf(op, opleft, "%ld",
788 				    (long)getLong(dp));
789 				if (opcount >= opleft || opcount == -1)
790 					goto toobig;
791 				opleft -= opcount;
792 				dp += 4;
793 				break;
794 			case 'L':
795 				opcount = snprintf(op, opleft, "%lu",
796 				    (unsigned long)getULong(dp));
797 				if (opcount >= opleft || opcount == -1)
798 					goto toobig;
799 				opleft -= opcount;
800 				dp += 4;
801 				break;
802 			case 's':
803 				opcount = snprintf(op, opleft, "%d",
804 				    getShort(dp));
805 				if (opcount >= opleft || opcount == -1)
806 					goto toobig;
807 				opleft -= opcount;
808 				dp += 2;
809 				break;
810 			case 'S':
811 				opcount = snprintf(op, opleft, "%u",
812 				    getUShort(dp));
813 				if (opcount >= opleft || opcount == -1)
814 					goto toobig;
815 				opleft -= opcount;
816 				dp += 2;
817 				break;
818 			case 'b':
819 				opcount = snprintf(op, opleft, "%d",
820 				    *(char *)dp++);
821 				if (opcount >= opleft || opcount == -1)
822 					goto toobig;
823 				opleft -= opcount;
824 				break;
825 			case 'B':
826 				opcount = snprintf(op, opleft, "%d", *dp++);
827 				if (opcount >= opleft || opcount == -1)
828 					goto toobig;
829 				opleft -= opcount;
830 				break;
831 			case 'x':
832 				opcount = snprintf(op, opleft, "%x", *dp++);
833 				if (opcount >= opleft || opcount == -1)
834 					goto toobig;
835 				opleft -= opcount;
836 				break;
837 			case 'f':
838 				opcount = strlcpy(op,
839 				    *dp++ ? "true" : "false", opleft);
840 				if (opcount >= opleft)
841 					goto toobig;
842 				opleft -= opcount;
843 				break;
844 			default:
845 				warning("Unexpected format code %c", fmtbuf[j]);
846 			}
847 			op += strlen(op);
848 			opleft -= strlen(op);
849 			if (opleft < 1)
850 				goto toobig;
851 			if (j + 1 < numelem && comma != ':') {
852 				*op++ = ' ';
853 				opleft--;
854 			}
855 		}
856 		if (i + 1 < numhunk) {
857 			*op++ = comma;
858 			opleft--;
859 		}
860 		if (opleft < 1)
861 			goto toobig;
862 
863 	}
864 	return (optbuf);
865  toobig:
866 	warning("dhcp option too large");
867 	return ("<error>");
868 }
869 
870 void
871 do_packet(struct interface_info *interface, struct dhcp_packet *packet,
872     int len, unsigned int from_port, struct iaddr from, struct hardware *hfrom)
873 {
874 	struct packet tp;
875 	int i;
876 
877 	if (packet->hlen > sizeof(packet->chaddr)) {
878 		note("Discarding packet with invalid hlen.");
879 		return;
880 	}
881 
882 	memset(&tp, 0, sizeof(tp));
883 	tp.raw = packet;
884 	tp.packet_length = len;
885 	tp.client_port = from_port;
886 	tp.client_addr = from;
887 	tp.interface = interface;
888 	tp.haddr = hfrom;
889 
890 	parse_options(&tp);
891 	if (tp.options_valid &&
892 	    tp.options[DHO_DHCP_MESSAGE_TYPE].data)
893 		tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0];
894 	if (tp.packet_type)
895 		dhcp(&tp);
896 	else
897 		bootp(&tp);
898 
899 	/* Free the data associated with the options. */
900 	for (i = 0; i < 256; i++)
901 		free(tp.options[i].data);
902 }
903