1 /* $OpenBSD: options.c,v 1.15 2004/12/26 03:17:07 deraadt Exp $ */ 2 3 /* DHCP options parsing and reassembly. */ 4 5 /*- 6 * SPDX-License-Identifier: BSD-3-Clause 7 * 8 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of The Internet Software Consortium nor the names 21 * of its contributors may be used to endorse or promote products derived 22 * from this software without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND 25 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 26 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 27 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 28 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR 29 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 32 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 33 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 34 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 35 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * This software has been written for the Internet Software Consortium 39 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie 40 * Enterprises. To learn more about the Internet Software Consortium, 41 * see ``http://www.vix.com/isc''. To learn more about Vixie 42 * Enterprises, see ``http://www.vix.com''. 43 */ 44 45 #include <sys/cdefs.h> 46 __FBSDID("$FreeBSD$"); 47 48 #include <ctype.h> 49 50 #define DHCP_OPTION_DATA 51 #include "dhcpd.h" 52 53 static int bad_options = 0; 54 static int bad_options_max = 5; 55 56 void parse_options(struct packet *); 57 void parse_option_buffer(struct packet *, unsigned char *, int); 58 unsigned store_options(unsigned char *, int, struct tree_cache **, 59 unsigned char *, int, int, int, int); 60 void expand_domain_search(struct packet *packet); 61 int find_search_domain_name_len(struct option_data *option, size_t *offset); 62 void expand_search_domain_name(struct option_data *option, size_t *offset, 63 unsigned char **domain_search); 64 65 66 /* 67 * Parse all available options out of the specified packet. 68 */ 69 void 70 parse_options(struct packet *packet) 71 { 72 /* Initially, zero all option pointers. */ 73 memset(packet->options, 0, sizeof(packet->options)); 74 75 /* If we don't see the magic cookie, there's nothing to parse. */ 76 if (memcmp(packet->raw->options, DHCP_OPTIONS_COOKIE, 4)) { 77 packet->options_valid = 0; 78 return; 79 } 80 81 /* 82 * Go through the options field, up to the end of the packet or 83 * the End field. 84 */ 85 parse_option_buffer(packet, &packet->raw->options[4], 86 packet->packet_length - DHCP_FIXED_NON_UDP - 4); 87 88 /* 89 * If we parsed a DHCP Option Overload option, parse more 90 * options out of the buffer(s) containing them. 91 */ 92 if (packet->options_valid && 93 packet->options[DHO_DHCP_OPTION_OVERLOAD].data) { 94 if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1) 95 parse_option_buffer(packet, 96 (unsigned char *)packet->raw->file, 97 sizeof(packet->raw->file)); 98 if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2) 99 parse_option_buffer(packet, 100 (unsigned char *)packet->raw->sname, 101 sizeof(packet->raw->sname)); 102 } 103 104 /* Expand DHCP Domain Search option. */ 105 if (packet->options_valid) { 106 expand_domain_search(packet); 107 } 108 } 109 110 /* 111 * Parse options out of the specified buffer, storing addresses of 112 * option values in packet->options and setting packet->options_valid if 113 * no errors are encountered. 114 */ 115 void 116 parse_option_buffer(struct packet *packet, 117 unsigned char *buffer, int length) 118 { 119 unsigned char *s, *t, *end = buffer + length; 120 int len, code; 121 122 for (s = buffer; *s != DHO_END && s < end; ) { 123 code = s[0]; 124 125 /* Pad options don't have a length - just skip them. */ 126 if (code == DHO_PAD) { 127 s++; 128 continue; 129 } 130 if (s + 2 > end) { 131 len = 65536; 132 goto bogus; 133 } 134 135 /* 136 * All other fields (except end, see above) have a 137 * one-byte length. 138 */ 139 len = s[1]; 140 141 /* 142 * If the length is outrageous, silently skip the rest, 143 * and mark the packet bad. Unfortunately some crappy 144 * dhcp servers always seem to give us garbage on the 145 * end of a packet. so rather than keep refusing, give 146 * up and try to take one after seeing a few without 147 * anything good. 148 */ 149 if (s + len + 2 > end) { 150 bogus: 151 bad_options++; 152 warning("option %s (%d) %s.", 153 dhcp_options[code].name, len, 154 "larger than buffer"); 155 if (bad_options == bad_options_max) { 156 packet->options_valid = 1; 157 bad_options = 0; 158 warning("Many bogus options seen in offers. " 159 "Taking this offer in spite of bogus " 160 "options - hope for the best!"); 161 } else { 162 warning("rejecting bogus offer."); 163 packet->options_valid = 0; 164 } 165 return; 166 } 167 /* 168 * If we haven't seen this option before, just make 169 * space for it and copy it there. 170 */ 171 if (!packet->options[code].data) { 172 if (!(t = calloc(1, len + 1))) 173 error("Can't allocate storage for option %s.", 174 dhcp_options[code].name); 175 /* 176 * Copy and NUL-terminate the option (in case 177 * it's an ASCII string. 178 */ 179 memcpy(t, &s[2], len); 180 t[len] = 0; 181 packet->options[code].len = len; 182 packet->options[code].data = t; 183 } else { 184 /* 185 * If it's a repeat, concatenate it to whatever 186 * we last saw. This is really only required 187 * for clients, but what the heck... 188 */ 189 t = calloc(1, len + packet->options[code].len + 1); 190 if (!t) 191 error("Can't expand storage for option %s.", 192 dhcp_options[code].name); 193 memcpy(t, packet->options[code].data, 194 packet->options[code].len); 195 memcpy(t + packet->options[code].len, 196 &s[2], len); 197 packet->options[code].len += len; 198 t[packet->options[code].len] = 0; 199 free(packet->options[code].data); 200 packet->options[code].data = t; 201 } 202 s += len + 2; 203 } 204 packet->options_valid = 1; 205 } 206 207 /* 208 * Expand DHCP Domain Search option. The value of this option is 209 * encoded like DNS' list of labels. See: 210 * RFC 3397 211 * RFC 1035 212 */ 213 void 214 expand_domain_search(struct packet *packet) 215 { 216 size_t offset; 217 int expanded_len, next_domain_len; 218 struct option_data *option; 219 unsigned char *domain_search, *cursor; 220 221 if (packet->options[DHO_DOMAIN_SEARCH].data == NULL) 222 return; 223 224 option = &packet->options[DHO_DOMAIN_SEARCH]; 225 226 /* Compute final expanded length. */ 227 expanded_len = 0; 228 offset = 0; 229 while (offset < option->len) { 230 next_domain_len = find_search_domain_name_len(option, &offset); 231 if (next_domain_len < 0) 232 /* The Domain Search option value is invalid. */ 233 return; 234 235 /* We add 1 for the space between domain names. */ 236 expanded_len += next_domain_len + 1; 237 } 238 if (expanded_len > 0) 239 /* Remove 1 for the superfluous trailing space. */ 240 --expanded_len; 241 242 domain_search = malloc(expanded_len + 1); 243 if (domain_search == NULL) 244 error("Can't allocate storage for expanded domain-search\n"); 245 246 offset = 0; 247 cursor = domain_search; 248 while (offset < option->len) { 249 expand_search_domain_name(option, &offset, &cursor); 250 cursor[0] = ' '; 251 cursor++; 252 } 253 domain_search[expanded_len] = '\0'; 254 255 free(option->data); 256 option->len = expanded_len; 257 option->data = domain_search; 258 } 259 260 int 261 find_search_domain_name_len(struct option_data *option, size_t *offset) 262 { 263 int domain_name_len, label_len, pointed_len; 264 size_t i, pointer; 265 266 domain_name_len = 0; 267 268 i = *offset; 269 while (i < option->len) { 270 label_len = option->data[i]; 271 if (label_len == 0) { 272 /* 273 * A zero-length label marks the end of this 274 * domain name. 275 */ 276 *offset = i + 1; 277 return (domain_name_len); 278 } else if (label_len & 0xC0) { 279 /* This is a pointer to another list of labels. */ 280 if (i + 1 >= option->len) { 281 /* The pointer is truncated. */ 282 warning("Truncated pointer in DHCP Domain " 283 "Search option."); 284 return (-1); 285 } 286 287 pointer = ((label_len & ~(0xC0)) << 8) + 288 option->data[i + 1]; 289 if (pointer >= *offset) { 290 /* 291 * The pointer must indicate a prior 292 * occurrence. 293 */ 294 warning("Invalid forward pointer in DHCP " 295 "Domain Search option compression."); 296 return (-1); 297 } 298 299 pointed_len = find_search_domain_name_len(option, 300 &pointer); 301 domain_name_len += pointed_len; 302 303 *offset = i + 2; 304 return (domain_name_len); 305 } 306 307 if (i + label_len >= option->len) { 308 warning("Truncated label in DHCP Domain Search " 309 "option."); 310 return (-1); 311 } 312 313 /* 314 * Update the domain name length with the length of the 315 * current label, plus a trailing dot ('.'). 316 */ 317 domain_name_len += label_len + 1; 318 319 /* Move cursor. */ 320 i += label_len + 1; 321 } 322 323 warning("Truncated DHCP Domain Search option."); 324 325 return (-1); 326 } 327 328 void 329 expand_search_domain_name(struct option_data *option, size_t *offset, 330 unsigned char **domain_search) 331 { 332 int label_len; 333 size_t i, pointer; 334 unsigned char *cursor; 335 336 /* 337 * This is the same loop than the function above 338 * (find_search_domain_name_len). Therefore, we remove checks, 339 * they're already done. Here, we just make the copy. 340 */ 341 i = *offset; 342 cursor = *domain_search; 343 while (i < option->len) { 344 label_len = option->data[i]; 345 if (label_len == 0) { 346 /* 347 * A zero-length label marks the end of this 348 * domain name. 349 */ 350 *offset = i + 1; 351 *domain_search = cursor; 352 return; 353 } else if (label_len & 0xC0) { 354 /* This is a pointer to another list of labels. */ 355 pointer = ((label_len & ~(0xC0)) << 8) + 356 option->data[i + 1]; 357 358 expand_search_domain_name(option, &pointer, &cursor); 359 360 *offset = i + 2; 361 *domain_search = cursor; 362 return; 363 } 364 365 /* Copy the label found. */ 366 memcpy(cursor, option->data + i + 1, label_len); 367 cursor[label_len] = '.'; 368 369 /* Move cursor. */ 370 i += label_len + 1; 371 cursor += label_len + 1; 372 } 373 } 374 375 /* 376 * cons options into a big buffer, and then split them out into the 377 * three separate buffers if needed. This allows us to cons up a set of 378 * vendor options using the same routine. 379 */ 380 int 381 cons_options(struct packet *inpacket, struct dhcp_packet *outpacket, 382 int mms, struct tree_cache **options, 383 int overload, /* Overload flags that may be set. */ 384 int terminate, int bootpp, u_int8_t *prl, int prl_len) 385 { 386 unsigned char priority_list[300], buffer[4096]; 387 unsigned priority_len; 388 size_t main_buffer_size; 389 unsigned option_size, bufix, mainbufix; 390 int length; 391 392 /* 393 * If the client has provided a maximum DHCP message size, use 394 * that; otherwise, if it's BOOTP, only 64 bytes; otherwise use 395 * up to the minimum IP MTU size (576 bytes). 396 * 397 * XXX if a BOOTP client specifies a max message size, we will 398 * honor it. 399 */ 400 if (!mms && 401 inpacket && 402 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data && 403 (inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].len >= 404 sizeof(u_int16_t))) 405 mms = getUShort( 406 inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data); 407 408 if (mms) 409 main_buffer_size = mms - DHCP_FIXED_LEN; 410 else if (bootpp) 411 main_buffer_size = 64; 412 else 413 main_buffer_size = 576 - DHCP_FIXED_LEN; 414 415 if (main_buffer_size > sizeof(buffer)) 416 main_buffer_size = sizeof(buffer); 417 418 /* Preload the option priority list with mandatory options. */ 419 priority_len = 0; 420 priority_list[priority_len++] = DHO_DHCP_MESSAGE_TYPE; 421 priority_list[priority_len++] = DHO_DHCP_SERVER_IDENTIFIER; 422 priority_list[priority_len++] = DHO_DHCP_LEASE_TIME; 423 priority_list[priority_len++] = DHO_DHCP_MESSAGE; 424 425 /* 426 * If the client has provided a list of options that it wishes 427 * returned, use it to prioritize. Otherwise, prioritize based 428 * on the default priority list. 429 */ 430 if (inpacket && 431 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data) { 432 unsigned prlen = 433 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].len; 434 if (prlen + priority_len > sizeof(priority_list)) 435 prlen = sizeof(priority_list) - priority_len; 436 437 memcpy(&priority_list[priority_len], 438 inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data, 439 prlen); 440 priority_len += prlen; 441 prl = priority_list; 442 } else if (prl) { 443 if (prl_len + priority_len > sizeof(priority_list)) 444 prl_len = sizeof(priority_list) - priority_len; 445 446 memcpy(&priority_list[priority_len], prl, prl_len); 447 priority_len += prl_len; 448 prl = priority_list; 449 } else { 450 memcpy(&priority_list[priority_len], 451 dhcp_option_default_priority_list, 452 sizeof_dhcp_option_default_priority_list); 453 priority_len += sizeof_dhcp_option_default_priority_list; 454 } 455 456 /* Copy the options into the big buffer... */ 457 option_size = store_options( 458 buffer, 459 (main_buffer_size - 7 + ((overload & 1) ? DHCP_FILE_LEN : 0) + 460 ((overload & 2) ? DHCP_SNAME_LEN : 0)), 461 options, priority_list, priority_len, main_buffer_size, 462 (main_buffer_size + ((overload & 1) ? DHCP_FILE_LEN : 0)), 463 terminate); 464 465 /* Put the cookie up front... */ 466 memcpy(outpacket->options, DHCP_OPTIONS_COOKIE, 4); 467 mainbufix = 4; 468 469 /* 470 * If we're going to have to overload, store the overload option 471 * at the beginning. If we can, though, just store the whole 472 * thing in the packet's option buffer and leave it at that. 473 */ 474 if (option_size <= main_buffer_size - mainbufix) { 475 memcpy(&outpacket->options[mainbufix], 476 buffer, option_size); 477 mainbufix += option_size; 478 if (mainbufix < main_buffer_size) 479 outpacket->options[mainbufix++] = DHO_END; 480 length = DHCP_FIXED_NON_UDP + mainbufix; 481 } else { 482 outpacket->options[mainbufix++] = DHO_DHCP_OPTION_OVERLOAD; 483 outpacket->options[mainbufix++] = 1; 484 if (option_size > 485 main_buffer_size - mainbufix + DHCP_FILE_LEN) 486 outpacket->options[mainbufix++] = 3; 487 else 488 outpacket->options[mainbufix++] = 1; 489 490 memcpy(&outpacket->options[mainbufix], 491 buffer, main_buffer_size - mainbufix); 492 bufix = main_buffer_size - mainbufix; 493 length = DHCP_FIXED_NON_UDP + mainbufix; 494 if (overload & 1) { 495 if (option_size - bufix <= DHCP_FILE_LEN) { 496 memcpy(outpacket->file, 497 &buffer[bufix], option_size - bufix); 498 mainbufix = option_size - bufix; 499 if (mainbufix < DHCP_FILE_LEN) 500 outpacket->file[mainbufix++] = (char)DHO_END; 501 while (mainbufix < DHCP_FILE_LEN) 502 outpacket->file[mainbufix++] = (char)DHO_PAD; 503 } else { 504 memcpy(outpacket->file, 505 &buffer[bufix], DHCP_FILE_LEN); 506 bufix += DHCP_FILE_LEN; 507 } 508 } 509 if ((overload & 2) && option_size < bufix) { 510 memcpy(outpacket->sname, 511 &buffer[bufix], option_size - bufix); 512 513 mainbufix = option_size - bufix; 514 if (mainbufix < DHCP_SNAME_LEN) 515 outpacket->file[mainbufix++] = (char)DHO_END; 516 while (mainbufix < DHCP_SNAME_LEN) 517 outpacket->file[mainbufix++] = (char)DHO_PAD; 518 } 519 } 520 return (length); 521 } 522 523 /* 524 * Store all the requested options into the requested buffer. 525 */ 526 unsigned 527 store_options(unsigned char *buffer, int buflen, struct tree_cache **options, 528 unsigned char *priority_list, int priority_len, int first_cutoff, 529 int second_cutoff, int terminate) 530 { 531 int bufix = 0, option_stored[256], i, ix, tto; 532 533 /* Zero out the stored-lengths array. */ 534 memset(option_stored, 0, sizeof(option_stored)); 535 536 /* 537 * Copy out the options in the order that they appear in the 538 * priority list... 539 */ 540 for (i = 0; i < priority_len; i++) { 541 /* Code for next option to try to store. */ 542 int code = priority_list[i]; 543 int optstart; 544 545 /* 546 * Number of bytes left to store (some may already have 547 * been stored by a previous pass). 548 */ 549 int length; 550 551 /* If no data is available for this option, skip it. */ 552 if (!options[code]) { 553 continue; 554 } 555 556 /* 557 * The client could ask for things that are mandatory, 558 * in which case we should avoid storing them twice... 559 */ 560 if (option_stored[code]) 561 continue; 562 option_stored[code] = 1; 563 564 /* We should now have a constant length for the option. */ 565 length = options[code]->len; 566 567 /* Do we add a NUL? */ 568 if (terminate && dhcp_options[code].format[0] == 't') { 569 length++; 570 tto = 1; 571 } else 572 tto = 0; 573 574 /* Try to store the option. */ 575 576 /* 577 * If the option's length is more than 255, we must 578 * store it in multiple hunks. Store 255-byte hunks 579 * first. However, in any case, if the option data will 580 * cross a buffer boundary, split it across that 581 * boundary. 582 */ 583 ix = 0; 584 585 optstart = bufix; 586 while (length) { 587 unsigned char incr = length > 255 ? 255 : length; 588 589 /* 590 * If this hunk of the buffer will cross a 591 * boundary, only go up to the boundary in this 592 * pass. 593 */ 594 if (bufix < first_cutoff && 595 bufix + incr > first_cutoff) 596 incr = first_cutoff - bufix; 597 else if (bufix < second_cutoff && 598 bufix + incr > second_cutoff) 599 incr = second_cutoff - bufix; 600 601 /* 602 * If this option is going to overflow the 603 * buffer, skip it. 604 */ 605 if (bufix + 2 + incr > buflen) { 606 bufix = optstart; 607 break; 608 } 609 610 /* Everything looks good - copy it in! */ 611 buffer[bufix] = code; 612 buffer[bufix + 1] = incr; 613 if (tto && incr == length) { 614 memcpy(buffer + bufix + 2, 615 options[code]->value + ix, incr - 1); 616 buffer[bufix + 2 + incr - 1] = 0; 617 } else 618 memcpy(buffer + bufix + 2, 619 options[code]->value + ix, incr); 620 length -= incr; 621 ix += incr; 622 bufix += 2 + incr; 623 } 624 } 625 return (bufix); 626 } 627 628 /* 629 * Format the specified option so that a human can easily read it. 630 */ 631 const char * 632 pretty_print_option(unsigned int code, unsigned char *data, int len, 633 int emit_commas, int emit_quotes) 634 { 635 static char optbuf[32768]; /* XXX */ 636 int hunksize = 0, numhunk = -1, numelem = 0; 637 char fmtbuf[32], *op = optbuf; 638 int i, j, k, opleft = sizeof(optbuf); 639 unsigned char *dp = data; 640 struct in_addr foo; 641 char comma; 642 643 /* Code should be between 0 and 255. */ 644 if (code > 255) 645 error("pretty_print_option: bad code %d", code); 646 647 if (emit_commas) 648 comma = ','; 649 else 650 comma = ' '; 651 652 /* Figure out the size of the data. */ 653 for (i = 0; dhcp_options[code].format[i]; i++) { 654 if (!numhunk) { 655 warning("%s: Excess information in format string: %s", 656 dhcp_options[code].name, 657 &(dhcp_options[code].format[i])); 658 break; 659 } 660 numelem++; 661 fmtbuf[i] = dhcp_options[code].format[i]; 662 switch (dhcp_options[code].format[i]) { 663 case 'A': 664 --numelem; 665 fmtbuf[i] = 0; 666 numhunk = 0; 667 break; 668 case 'X': 669 for (k = 0; k < len; k++) 670 if (!isascii(data[k]) || 671 !isprint(data[k])) 672 break; 673 if (k == len) { 674 fmtbuf[i] = 't'; 675 numhunk = -2; 676 } else { 677 fmtbuf[i] = 'x'; 678 hunksize++; 679 comma = ':'; 680 numhunk = 0; 681 } 682 fmtbuf[i + 1] = 0; 683 break; 684 case 't': 685 fmtbuf[i] = 't'; 686 fmtbuf[i + 1] = 0; 687 numhunk = -2; 688 break; 689 case 'I': 690 case 'l': 691 case 'L': 692 hunksize += 4; 693 break; 694 case 's': 695 case 'S': 696 hunksize += 2; 697 break; 698 case 'b': 699 case 'B': 700 case 'f': 701 hunksize++; 702 break; 703 case 'e': 704 break; 705 default: 706 warning("%s: garbage in format string: %s", 707 dhcp_options[code].name, 708 &(dhcp_options[code].format[i])); 709 break; 710 } 711 } 712 713 /* Check for too few bytes... */ 714 if (hunksize > len) { 715 warning("%s: expecting at least %d bytes; got %d", 716 dhcp_options[code].name, hunksize, len); 717 return ("<error>"); 718 } 719 /* Check for too many bytes... */ 720 if (numhunk == -1 && hunksize < len) 721 warning("%s: %d extra bytes", 722 dhcp_options[code].name, len - hunksize); 723 724 /* If this is an array, compute its size. */ 725 if (!numhunk) 726 numhunk = len / hunksize; 727 /* See if we got an exact number of hunks. */ 728 if (numhunk > 0 && numhunk * hunksize < len) 729 warning("%s: %d extra bytes at end of array", 730 dhcp_options[code].name, len - numhunk * hunksize); 731 732 /* A one-hunk array prints the same as a single hunk. */ 733 if (numhunk < 0) 734 numhunk = 1; 735 736 /* Cycle through the array (or hunk) printing the data. */ 737 for (i = 0; i < numhunk; i++) { 738 for (j = 0; j < numelem; j++) { 739 int opcount; 740 switch (fmtbuf[j]) { 741 case 't': 742 if (emit_quotes) { 743 *op++ = '"'; 744 opleft--; 745 } 746 for (; dp < data + len; dp++) { 747 if (!isascii(*dp) || 748 !isprint(*dp)) { 749 if (dp + 1 != data + len || 750 *dp != 0) { 751 snprintf(op, opleft, 752 "\\%03o", *dp); 753 op += 4; 754 opleft -= 4; 755 } 756 } else if (*dp == '"' || 757 *dp == '\'' || 758 *dp == '$' || 759 *dp == '`' || 760 *dp == '\\') { 761 *op++ = '\\'; 762 *op++ = *dp; 763 opleft -= 2; 764 } else { 765 *op++ = *dp; 766 opleft--; 767 } 768 } 769 if (emit_quotes) { 770 *op++ = '"'; 771 opleft--; 772 } 773 774 *op = 0; 775 break; 776 case 'I': 777 foo.s_addr = htonl(getULong(dp)); 778 opcount = strlcpy(op, inet_ntoa(foo), opleft); 779 if (opcount >= opleft) 780 goto toobig; 781 opleft -= opcount; 782 dp += 4; 783 break; 784 case 'l': 785 opcount = snprintf(op, opleft, "%ld", 786 (long)getLong(dp)); 787 if (opcount >= opleft || opcount == -1) 788 goto toobig; 789 opleft -= opcount; 790 dp += 4; 791 break; 792 case 'L': 793 opcount = snprintf(op, opleft, "%lu", 794 (unsigned long)getULong(dp)); 795 if (opcount >= opleft || opcount == -1) 796 goto toobig; 797 opleft -= opcount; 798 dp += 4; 799 break; 800 case 's': 801 opcount = snprintf(op, opleft, "%d", 802 getShort(dp)); 803 if (opcount >= opleft || opcount == -1) 804 goto toobig; 805 opleft -= opcount; 806 dp += 2; 807 break; 808 case 'S': 809 opcount = snprintf(op, opleft, "%u", 810 getUShort(dp)); 811 if (opcount >= opleft || opcount == -1) 812 goto toobig; 813 opleft -= opcount; 814 dp += 2; 815 break; 816 case 'b': 817 opcount = snprintf(op, opleft, "%d", 818 *(char *)dp++); 819 if (opcount >= opleft || opcount == -1) 820 goto toobig; 821 opleft -= opcount; 822 break; 823 case 'B': 824 opcount = snprintf(op, opleft, "%d", *dp++); 825 if (opcount >= opleft || opcount == -1) 826 goto toobig; 827 opleft -= opcount; 828 break; 829 case 'x': 830 opcount = snprintf(op, opleft, "%x", *dp++); 831 if (opcount >= opleft || opcount == -1) 832 goto toobig; 833 opleft -= opcount; 834 break; 835 case 'f': 836 opcount = strlcpy(op, 837 *dp++ ? "true" : "false", opleft); 838 if (opcount >= opleft) 839 goto toobig; 840 opleft -= opcount; 841 break; 842 default: 843 warning("Unexpected format code %c", fmtbuf[j]); 844 } 845 op += strlen(op); 846 opleft -= strlen(op); 847 if (opleft < 1) 848 goto toobig; 849 if (j + 1 < numelem && comma != ':') { 850 *op++ = ' '; 851 opleft--; 852 } 853 } 854 if (i + 1 < numhunk) { 855 *op++ = comma; 856 opleft--; 857 } 858 if (opleft < 1) 859 goto toobig; 860 861 } 862 return (optbuf); 863 toobig: 864 warning("dhcp option too large"); 865 return ("<error>"); 866 } 867 868 void 869 do_packet(struct interface_info *interface, struct dhcp_packet *packet, 870 int len, unsigned int from_port, struct iaddr from, struct hardware *hfrom) 871 { 872 struct packet tp; 873 int i; 874 875 if (packet->hlen > sizeof(packet->chaddr)) { 876 note("Discarding packet with invalid hlen."); 877 return; 878 } 879 880 memset(&tp, 0, sizeof(tp)); 881 tp.raw = packet; 882 tp.packet_length = len; 883 tp.client_port = from_port; 884 tp.client_addr = from; 885 tp.interface = interface; 886 tp.haddr = hfrom; 887 888 parse_options(&tp); 889 if (tp.options_valid && 890 tp.options[DHO_DHCP_MESSAGE_TYPE].data) 891 tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0]; 892 if (tp.packet_type) 893 dhcp(&tp); 894 else 895 bootp(&tp); 896 897 /* Free the data associated with the options. */ 898 for (i = 0; i < 256; i++) 899 if (tp.options[i].len && tp.options[i].data) 900 free(tp.options[i].data); 901 } 902