Commit Graph

13 Commits

Author SHA1 Message Date
Nicholas J. Kain
27c9e2c553 Improve fingerprinting to support DHCP relay agents.
Mostly reverts the previous commit and instead teaches ndhc to properly
handle the case when it is communicating with a DHCP relay agent on
its local segment rather than directly with a DHCP server.
2015-02-12 23:28:54 -05:00
Nicholas J. Kain
9f87bd8b30 udp_checksum(): Clamp the value of the UDP packet header length.
Without this change, it is possible for malicious UDP packets to
make the function read past the end of a buffer.

If this was ever a possibility in ndhc, the previous commit fixed
that issue, but there is no reason for udp_checksum() to have
such a subtle precondition to proper use.  This change also makes
it easier to audit correctness.
2015-01-06 07:07:08 -05:00
Nicholas J. Kain
6548b5ce54 get_raw_packet(): Perform the UDP checksum after the packet length
checks.

This change makes it easier to verify that there can be no reads
beyond a buffer end by udp_checksum().
2015-01-06 04:32:58 -05:00
Nicholas J. Kain
c8dcf5a06b Make sure that received DHCP packets have a valid options end marker. 2015-01-06 04:02:52 -05:00
Nicholas J. Kain
12114c9bae Add more explicit length checks for get_raw_packet. 2014-07-25 20:34:01 -04:00
Nicholas J. Kain
ae03b6dd8f Move the ip checksum code out to ncmlib. 2014-06-08 20:34:34 -04:00
Nicholas J. Kain
07cbd88049 Just use raw sockets for listening to DHCP requests. A UDP SO_BROADCAST
socket was previously used only for receiving RENEWING packets, and it
added needless complexity and was somewhat fragile.
2014-04-16 01:00:36 -04:00
Nicholas J. Kain
ca85a6ba9f Style cleanups in dhcp.c. 2014-04-16 00:24:40 -04:00
Nicholas J. Kain
baa394af9a UDP listen sockets should be requested with 'U' instead of 'u'. 2014-04-15 20:54:35 -04:00
Nicholas J. Kain
18604c5245 get_udp_unicast_socket() needs to have the client address as an argument
when sending the request to sockd.

Also, print error messages if sockd returns an invalid fd (< 0).
2014-04-15 17:55:28 -04:00
Nicholas J. Kain
58b4ba768c If the IP header length does not match the size of the UDP packet received
via the raw socket, print both lengths in the warning message.
2014-04-15 15:23:52 -04:00
Nicholas J. Kain
6804be2277 Use safe_sendto where necessary, and check for short writes.
Also, change many log_lines to log_errors, mostly in ifset.c.
2014-04-07 04:15:02 -04:00
Nicholas J. Kain
b761889025 Move source from ndhc/ to src/ since ifchd is no longer a separate program. 2014-04-06 16:57:06 -04:00