busybox/networking
Russ Dill e265c8d4c0 udhcp: Avoid leaking uninitialized/stale data
I noticed a commit in connman:

"gdhcp: Avoid leaking stack data via unitiialized variable" [1]

Since gdhcp is just BusyBox udhcp with the serial numbers filed off, I
checked if BusyBox udhcp has a related issue.

The issue is that the get_option logic assumes any data within the
memory area of the buffer is "valid". This reduces the complexity of the
function at the cost of reading past the end of the actually received
data in the case of specially crafted packets. This is not a problem
for the udhcp_recv_kernel_packet data path as the entire memory
area is zeroed. However, d4/d6_recv_raw_packet does not zero the
memory.

Note that a related commit [2] is not required as we are zeroing
any data that can be read by the get_option function.

[1] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
[2] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa

function                                             old     new   delta
d4_recv_raw_packet                                   484     497     +13
d6_recv_raw_packet                                   216     228     +12
.rodata                                           105390  105381      -9
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 25/-9)              Total: 16 bytes

Signed-off-by: Russ Dill <russ.dill@gmail.com>
Cc: Colin Wee <cwee@tesla.com>
Cc: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2023-10-04 16:46:35 +02:00
libiproute libiproute: fix filtering ip6 route by table id 2023-07-09 20:26:23 +02:00
ssl_helper networking/ssl_helper: experimental matrixssl-based ssl helper 2014-02-23 23:31:13 +01:00
ssl_helper-wolfssl Update information on building httpd and wget helpers 2016-12-22 15:13:37 +01:00
udhcp udhcp: Avoid leaking uninitialized/stale data 2023-10-04 16:46:35 +02:00
Config.src config system: move some options closer to relevalnt tool subdirectories 2021-10-12 13:23:29 +02:00
Kbuild.src Convert all networking/* applets to "new style" applet definitions 2016-11-23 09:05:14 +01:00
arp.c Remove "select PLATFORM_LINUX" 2022-11-29 14:14:06 +01:00
arping.c Update applet size estimates 2023-07-10 17:25:21 +02:00
brctl.c introduce and use exitcode_t 2023-07-17 17:29:36 +02:00
dnsd.c Update applet size estimates 2023-07-10 17:25:21 +02:00
ether-wake.c Update applet size estimates 2023-07-10 17:25:21 +02:00
ftpd.c *: more --help tweaks 2021-06-16 14:24:27 +02:00
ftpgetput.c Update applet size estimates 2023-07-10 17:25:21 +02:00
hostname.c Update applet size estimates 2023-07-10 17:25:21 +02:00
httpd.c libbb: consolidate NOMMU fix of restoring high bit in argv[0][0] 2023-04-06 21:20:28 +02:00
httpd_helpers.sh Update information on building httpd and wget helpers 2016-12-22 15:13:37 +01:00
httpd_indexcgi.c style fix 2022-05-01 17:06:00 +02:00
httpd_post_upload.cgi httpd_post_upload.cgi: use mktemp to avoid $RANDOM 2021-06-06 13:44:08 +02:00
httpd_ssi.c style fix 2022-05-01 17:06:00 +02:00
ifconfig.c Remove "select PLATFORM_LINUX" 2022-11-29 14:14:06 +01:00
ifenslave.c build system: drop PLATFORM_LINUX 2020-08-13 17:12:56 +02:00
ifplugd.c Update applet size estimates 2023-07-10 17:25:21 +02:00
ifupdown.c *: slap on a few ALIGN* where appropriate 2022-02-06 19:53:10 +01:00
inetd.c libbb: code shrink: introduce and use [_]exit_FAILURE() 2023-06-15 11:55:56 +02:00
interface.c *: slap on a few ALIGN* where appropriate 2022-02-06 19:53:10 +01:00
ip.c Update applet size estimates 2023-07-10 17:25:21 +02:00
ipcalc.c Update applet size estimates 2023-07-10 17:25:21 +02:00
isrv.c libbb: reduce the overhead of single parameter bb_error_msg() calls 2019-07-02 11:35:03 +02:00
isrv.h fixlet for the previous commit #2 2014-01-09 20:09:43 +01:00
isrv_identd.c Update applet size estimates 2023-07-10 17:25:21 +02:00
nameif.c Update applet size estimates 2023-07-10 17:25:21 +02:00
nbd-client.c Update applet size estimates 2023-07-10 17:25:21 +02:00
nc.c libbb: code shrink: introduce and use [_]exit_SUCCESS() 2022-01-05 22:16:06 +01:00
nc_bloaty.c libbb: make bb_lookup_port() abort on bad port names 2021-09-09 22:00:44 +02:00
netstat.c decrease padding: gcc-9.3.1 slaps 32-byte alignment on arrays willy-nilly 2020-11-30 14:58:02 +01:00
nslookup.c Update applet size estimates 2023-07-10 17:25:21 +02:00
ntpd.c ntpd: fix a warning on 32-bit arch build 2023-07-10 17:29:38 +02:00
ntpd.diff ntpd: add experimental patch 2016-03-04 07:36:04 +01:00
parse_pasv_epsv.c networking: support ftp PASV responses not ending with ')' 2020-07-19 20:59:35 +02:00
ping.c libbb: code shrink: introduce and use [_]exit_FAILURE() 2023-06-15 11:55:56 +02:00
pscan.c Update applet size estimates 2023-07-10 17:25:21 +02:00
route.c Update applet size estimates 2023-07-10 17:25:21 +02:00
slattach.c Update applet size estimates 2023-07-10 17:25:21 +02:00
ssl_client.c Update applet size estimates 2023-07-10 17:25:21 +02:00
tc.c introduce and use exitcode_t 2023-07-17 17:29:36 +02:00
tcpudp.c tcp/udpsvd: robustify SIGCHLD handling 2021-06-05 15:24:04 +02:00
tcpudp_perhost.c tcpudp: shrink per-host rate-limiting code 2018-02-27 13:03:44 +01:00
tcpudp_perhost.h tcpudp: shrink per-host rate-limiting code 2018-02-27 13:03:44 +01:00
telnet.c randomconfig fixes 2020-12-29 16:53:11 +01:00
telnetd.IAC_test.sh telnetd: fix corner case of input processing of 0xff bytes 2016-10-12 19:13:46 +02:00
telnetd.c Update applet size estimates 2023-07-10 17:25:21 +02:00
telnetd.ctrlSQ.patch *: slap on a few ALIGN1/2s where appropriate 2016-04-22 18:09:21 +02:00
tftp.c telnetd: give inetd.conf example in --help 2021-06-16 10:49:18 +02:00
tls.c tls: move definitions around, no code changes 2022-09-08 16:56:54 +02:00
tls.h tls: remove unused tls_symmetric.h (was used by old "big" AES code) 2021-10-11 13:46:30 +02:00
tls_aes.c tls: code shrink in AES code 2020-12-15 18:47:25 +01:00
tls_aes.h tls: in AES-CBC code, do not set key for every record - do it once 2018-11-23 18:02:44 +01:00
tls_aesgcm.c suppress a few "unused function" warnings 2019-10-25 13:05:15 +02:00
tls_aesgcm.h tls: in AES-GCM decoding, avoid memmove 2018-11-24 13:51:46 +01:00
tls_fe.c tls: x25519: code shrink by factoring out common code 2021-12-01 15:09:44 +01:00
tls_pstm.c tls: whitespace fixes 2021-04-27 00:40:40 +02:00
tls_pstm.h whitespace fix 2021-10-11 19:11:06 +02:00
tls_pstm_montgomery_reduce.c tls: further reduce register pressure in i386 assembly 2021-04-20 19:03:55 +02:00
tls_pstm_mul_comba.c networking: cc is not a register 2019-05-17 22:56:47 +02:00
tls_pstm_sqr_comba.c networking: cc is not a register 2019-05-17 22:56:47 +02:00
tls_rsa.c tls: whitespace fixes 2021-04-27 00:40:40 +02:00
tls_rsa.h tls: do not leak RSA key 2018-11-25 16:17:26 +01:00
tls_sp_c32.c tls: P256: remove NOP macro sp_256_norm_8() 2022-07-13 16:11:17 +02:00
traceroute.c Update applet size estimates 2023-07-10 17:25:21 +02:00
tunctl.c Update applet size estimates 2023-07-10 17:25:21 +02:00
vconfig.c Update applet size estimates 2023-07-10 17:25:21 +02:00
wget.c Update applet size estimates 2023-07-10 17:25:21 +02:00
whois.c Update applet size estimates 2023-07-10 17:25:21 +02:00
zcip.c Update applet size estimates 2023-07-10 17:25:21 +02:00