We need to blacklist IP addresses at the packet level

so we can ignore NAKs from rogue servers who don't supply a ServerID, or supply a fake one.
author: Roy Marples <roy@marples.name> 2009-03-10 17:28:18 +0000
committer: Roy Marples <roy@marples.name> 2009-03-10 17:28:18 +0000
commit: ce6b39df64069a367cf62fd2bf450613ea54fc1a (patch)
tree: 6086bad95b20cbd34f8ddbf5e603a4465f259912 /net.c
parent: d14bdb3d441eae153235f877045d5ea8b098cebb (diff)
download: dhcpcd-ce6b39df64069a367cf62fd2bf450613ea54fc1a.tar.xz
1 files changed, 10 insertions, 2 deletions
diff --git a/net.c b/net.c
index b6d1f6bf..b9cb280c 100644
--- a/net.c
+++ b/net.c
@@ -639,16 +639,24 @@ get_udp_data(const uint8_t **data, const uint8_t *udp)
 }
 
 int
-valid_udp_packet(const uint8_t *data, size_t data_len)
+valid_udp_packet(const uint8_t *data, size_t data_len, struct in_addr *from)
 {
 	struct udp_dhcp_packet packet;
 	uint16_t bytes, udpsum;
 
+	if (data_len < sizeof(packet.ip)) {
+		if (from)
+			from->s_addr = INADDR_ANY;
+		errno = EINVAL;
+		return -1;
+	}
+	memcpy(&packet, data, MIN(data_len, sizeof(packet)));
+	if (from)
+		from->s_addr = packet.ip.ip_src.s_addr;
 	if (data_len > sizeof(packet)) {
 		errno = EINVAL;
 		return -1;
 	}
-	memcpy(&packet, data, data_len);
 	if (checksum(&packet.ip, sizeof(packet.ip)) != 0) {
 		errno = EINVAL;
 		return -1;
author	Roy Marples <roy@marples.name>	2009-03-10 17:28:18 +0000
committer	Roy Marples <roy@marples.name>	2009-03-10 17:28:18 +0000
commit	ce6b39df64069a367cf62fd2bf450613ea54fc1a (patch)
tree	6086bad95b20cbd34f8ddbf5e603a4465f259912 /net.c
parent	d14bdb3d441eae153235f877045d5ea8b098cebb (diff)
download	dhcpcd-ce6b39df64069a367cf62fd2bf450613ea54fc1a.tar.xz