xref: /openbsd/sbin/dhclient/options.c (revision 9a2590e5)

/* options.c

   DHCP options parsing and reassembly. */

/*
 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of The Internet Software Consortium nor the names
 *    of its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * This software has been written for the Internet Software Consortium
 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
 * Enterprises.  To learn more about the Internet Software Consortium,
 * see ``http://www.vix.com/isc''.  To learn more about Vixie
 * Enterprises, see ``http://www.vix.com''.
 */

#define DHCP_OPTION_DATA
#include "dhcpd.h"
#include <ctype.h>

int bad_options = 0;
int bad_options_max = 5;

/* Parse all available options out of the specified packet. */

void parse_options (packet)
	struct packet *packet;
{
	/* Initially, zero all option pointers. */
	memset (packet -> options, 0, sizeof (packet -> options));

	/* If we don't see the magic cookie, there's nothing to parse. */
	if (memcmp (packet -> raw -> options, DHCP_OPTIONS_COOKIE, 4)) {
		packet -> options_valid = 0;
		return;
	}

	/* Go through the options field, up to the end of the packet
	   or the End field. */
	parse_option_buffer (packet, &packet -> raw -> options [4],
			     packet -> packet_length - DHCP_FIXED_NON_UDP - 4);
	/* If we parsed a DHCP Option Overload option, parse more
	   options out of the buffer(s) containing them. */
	if (packet -> options_valid
	    && packet -> options [DHO_DHCP_OPTION_OVERLOAD].data) {
		if (packet -> options [DHO_DHCP_OPTION_OVERLOAD].data [0] & 1)
			parse_option_buffer (packet,
					     (unsigned char *)
					     packet -> raw -> file,
					     sizeof packet -> raw -> file);
		if (packet -> options [DHO_DHCP_OPTION_OVERLOAD].data [0] & 2)
			parse_option_buffer (packet,
					     (unsigned char *)
					     packet -> raw -> sname,
					     sizeof packet -> raw -> sname);
	}
}

/* Parse options out of the specified buffer, storing addresses of option
   values in packet -> options and setting packet -> options_valid if no
   errors are encountered. */

void parse_option_buffer (packet, buffer, length)
	struct packet *packet;
	unsigned char *buffer;
	int length;
{
	unsigned char *s, *t;
	unsigned char *end = buffer + length;
	int len;
	int code;

	for (s = buffer; *s != DHO_END && s < end; ) {
		code = s [0];

		/* Pad options don't have a length - just skip them. */
		if (code == DHO_PAD) {
			++s;
			continue;
		}
		if (s + 2 > end) {
			len = 65536;
			goto bogus;
		}

		/* All other fields (except end, see above) have a
		   one-byte length. */
		len = s [1];

		/* If the length is outrageous, silently skip the
		 * rest, and mark the packet bad. Unfortuntely
		 * some crappy dhcp servers always seem to give
		 * us garbage on the end of a packet. so rather than
		 * keep refusing, give up and try to take one after
		 * seeing a few without anything good.
		 */
		if (s + len + 2 > end) {
		    bogus:
			bad_options++;
			warn ("option %s (%d) %s.",
			      dhcp_options [code].name, len,
			      "larger than buffer");
			if (bad_options == bad_options_max) {
				packet -> options_valid = 1;
				bad_options = 0;
				warn ("Many bogus options seen in offers.");
				warn ("Taking this offer in spite of bogus");
				warn ("options - hope for the best!");
			} else {
				warn ("rejecting bogus offer.");
				packet -> options_valid = 0;
			}
			return;
		}
		/* If we haven't seen this option before, just make
		   space for it and copy it there. */
		if (!packet -> options [code].data) {
			if (!(t = ((unsigned char *)
				   dmalloc (len + 1, "parse_option_buffer"))))
				error ("Can't allocate storage for option %s.",
				       dhcp_options [code].name);
			/* Copy and NUL-terminate the option (in case it's an
			   ASCII string. */
			memcpy (t, &s [2], len);
			t [len] = 0;
			packet -> options [code].len = len;
			packet -> options [code].data = t;
		} else {
			/* If it's a repeat, concatenate it to whatever
			   we last saw.   This is really only required
			   for clients, but what the heck... */
			t = ((unsigned char *)
			     dmalloc (len + packet -> options [code].len + 1,
				      "parse_option_buffer"));
			if (!t)
				error ("Can't expand storage for option %s.",
				       dhcp_options [code].name);
			memcpy (t, packet -> options [code].data,
				packet -> options [code].len);
			memcpy (t + packet -> options [code].len,
				&s [2], len);
			packet -> options [code].len += len;
			t [packet -> options [code].len] = 0;
			dfree (packet -> options [code].data,
			       "parse_option_buffer");
			packet -> options [code].data = t;
		}
		s += len + 2;
	}
	packet -> options_valid = 1;
}

/* cons options into a big buffer, and then split them out into the
   three separate buffers if needed.  This allows us to cons up a set
   of vendor options using the same routine. */

int cons_options (inpacket, outpacket, mms,
		  options, overload, terminate, bootpp, prl, prl_len)
	struct packet *inpacket;
	struct dhcp_packet *outpacket;
	int mms;
	struct tree_cache **options;
	int overload;	/* Overload flags that may be set. */
	int terminate;
	int bootpp;
	u_int8_t *prl;
	int prl_len;
{
	unsigned char priority_list [300];
	int priority_len;
	unsigned char buffer [4096];	/* Really big buffer... */
	int main_buffer_size;
	int mainbufix, bufix;
	int option_size;
	int length;

	/* If the client has provided a maximum DHCP message size,
	   use that; otherwise, if it's BOOTP, only 64 bytes; otherwise
	   use up to the minimum IP MTU size (576 bytes). */
	/* XXX if a BOOTP client specifies a max message size, we will
	   honor it. */
	if (!mms &&
	    inpacket &&
	    inpacket -> options [DHO_DHCP_MAX_MESSAGE_SIZE].data &&
	    (inpacket -> options [DHO_DHCP_MAX_MESSAGE_SIZE].len >=
	     sizeof (u_int16_t)))
		mms = getUShort (inpacket -> options
				 [DHO_DHCP_MAX_MESSAGE_SIZE].data);

	/* If the client has provided a maximum DHCP message size,
	   use that; otherwise, if it's BOOTP, only 64 bytes; otherwise
	   use up to the minimum IP MTU size (576 bytes). */
	/* XXX if a BOOTP client specifies a max message size, we will
	   honor it. */
	if (mms)
		main_buffer_size = mms - DHCP_FIXED_LEN;
	else if (bootpp)
		main_buffer_size = 64;
	else
		main_buffer_size = 576 - DHCP_FIXED_LEN;

	if (main_buffer_size > sizeof buffer)
		main_buffer_size = sizeof buffer;

	/* Preload the option priority list with mandatory options. */
	priority_len = 0;
	priority_list [priority_len++] = DHO_DHCP_MESSAGE_TYPE;
	priority_list [priority_len++] = DHO_DHCP_SERVER_IDENTIFIER;
	priority_list [priority_len++] = DHO_DHCP_LEASE_TIME;
	priority_list [priority_len++] = DHO_DHCP_MESSAGE;

	/* If the client has provided a list of options that it wishes
	   returned, use it to prioritize.  Otherwise, prioritize
	   based on the default priority list. */

	if (inpacket &&
	    inpacket -> options [DHO_DHCP_PARAMETER_REQUEST_LIST].data) {
		int prlen = (inpacket ->
			     options [DHO_DHCP_PARAMETER_REQUEST_LIST].len);
		if (prlen + priority_len > sizeof priority_list)
			prlen = (sizeof priority_list) - priority_len;

		memcpy (&priority_list [priority_len],
			(inpacket -> options
			 [DHO_DHCP_PARAMETER_REQUEST_LIST].data), prlen);
		priority_len += prlen;
		prl = priority_list;
	} else if (prl) {
		if (prl_len + priority_len > sizeof priority_list)
			prl_len = (sizeof priority_list) - priority_len;

		memcpy (&priority_list [priority_len], prl, prl_len);
		priority_len += prl_len;
		prl = priority_list;
	} else {
		memcpy (&priority_list [priority_len],
			dhcp_option_default_priority_list,
			sizeof_dhcp_option_default_priority_list);
		priority_len += sizeof_dhcp_option_default_priority_list;
	}

	/* Copy the options into the big buffer... */
	option_size = store_options (buffer,
				     (main_buffer_size - 7 +
				      ((overload & 1) ? DHCP_FILE_LEN : 0) +
				      ((overload & 2) ? DHCP_SNAME_LEN : 0)),
				     options, priority_list, priority_len,
				     main_buffer_size,
				     (main_buffer_size +
				      ((overload & 1) ? DHCP_FILE_LEN : 0)),
				     terminate);

	/* Put the cookie up front... */
	memcpy (outpacket -> options, DHCP_OPTIONS_COOKIE, 4);
	mainbufix = 4;

	/* If we're going to have to overload, store the overload
	   option at the beginning.  If we can, though, just store the
	   whole thing in the packet's option buffer and leave it at
	   that. */
	if (option_size <= main_buffer_size - mainbufix) {
		memcpy (&outpacket -> options [mainbufix],
			buffer, option_size);
		mainbufix += option_size;
		if (mainbufix < main_buffer_size)
			outpacket -> options [mainbufix++]
				= DHO_END;
		length = DHCP_FIXED_NON_UDP + mainbufix;
	} else {
		outpacket -> options [mainbufix++] =
			DHO_DHCP_OPTION_OVERLOAD;
		outpacket -> options [mainbufix++] = 1;
		if (option_size > main_buffer_size - mainbufix + DHCP_FILE_LEN)
			outpacket -> options [mainbufix++] = 3;
		else
			outpacket -> options [mainbufix++] = 1;

		memcpy (&outpacket -> options [mainbufix],
			buffer, main_buffer_size - mainbufix);
		bufix = main_buffer_size - mainbufix;
		length = DHCP_FIXED_NON_UDP + mainbufix;
		if (overload & 1) {
			if (option_size - bufix <= DHCP_FILE_LEN) {
				memcpy (outpacket -> file,
					&buffer [bufix], option_size - bufix);
				mainbufix = option_size - bufix;
				if (mainbufix < DHCP_FILE_LEN)
					outpacket -> file [mainbufix++]
						= DHO_END;
				while (mainbufix < DHCP_FILE_LEN)
					outpacket -> file [mainbufix++]
						= DHO_PAD;
			} else {
				memcpy (outpacket -> file,
					&buffer [bufix], DHCP_FILE_LEN);
				bufix += DHCP_FILE_LEN;
			}
		}
		if ((overload & 2) && option_size < bufix) {
			memcpy (outpacket -> sname,
				&buffer [bufix], option_size - bufix);

			mainbufix = option_size - bufix;
			if (mainbufix < DHCP_SNAME_LEN)
				outpacket -> file [mainbufix++]
					= DHO_END;
			while (mainbufix < DHCP_SNAME_LEN)
				outpacket -> file [mainbufix++]
					= DHO_PAD;
		}
	}
	return length;
}

/* Store all the requested options into the requested buffer. */

int store_options (buffer, buflen, options, priority_list, priority_len,
		   first_cutoff, second_cutoff, terminate)
	unsigned char *buffer;
	int buflen;
	struct tree_cache **options;
	unsigned char *priority_list;
	int priority_len;
	int first_cutoff, second_cutoff;
	int terminate;
{
	int bufix = 0;
	int option_stored [256];
	int i;
	int ix;
	int tto;

	/* Zero out the stored-lengths array. */
	memset (option_stored, 0, sizeof option_stored);

	/* Copy out the options in the order that they appear in the
	   priority list... */
	for (i = 0; i < priority_len; i++) {
		/* Code for next option to try to store. */
		int code = priority_list [i];
		int optstart;

		/* Number of bytes left to store (some may already
		   have been stored by a previous pass). */
		int length;

		/* If no data is available for this option, skip it. */
		if (!options [code]) {
			continue;
		}

		/* The client could ask for things that are mandatory,
		   in which case we should avoid storing them twice... */
		if (option_stored [code])
			continue;
		option_stored [code] = 1;

		/* Find the value of the option... */
		if (!tree_evaluate (options [code])) {
			continue;
		}

		/* We should now have a constant length for the option. */
		length = options [code] -> len;

		/* Do we add a NUL? */
		if (terminate && dhcp_options [code].format [0] == 't') {
			length++;
			tto = 1;
		} else {
			tto = 0;
		}

		/* Try to store the option. */

		/* If the option's length is more than 255, we must store it
		   in multiple hunks.   Store 255-byte hunks first.  However,
		   in any case, if the option data will cross a buffer
		   boundary, split it across that boundary. */

		ix = 0;

		optstart = bufix;
		while (length) {
			unsigned char incr = length > 255 ? 255 : length;

			/* If this hunk of the buffer will cross a
			   boundary, only go up to the boundary in this
			   pass. */
			if (bufix < first_cutoff &&
			    bufix + incr > first_cutoff)
				incr = first_cutoff - bufix;
			else if (bufix < second_cutoff &&
				 bufix + incr > second_cutoff)
				incr = second_cutoff - bufix;

			/* If this option is going to overflow the buffer,
			   skip it. */
			if (bufix + 2 + incr > buflen) {
				bufix = optstart;
				break;
			}

			/* Everything looks good - copy it in! */
			buffer [bufix] = code;
			buffer [bufix + 1] = incr;
			if (tto && incr == length) {
				memcpy (buffer + bufix + 2,
					options [code] -> value + ix,
					incr - 1);
				buffer [bufix + 2 + incr - 1] = 0;
			} else {
				memcpy (buffer + bufix + 2,
					options [code] -> value + ix, incr);
			}
			length -= incr;
			ix += incr;
			bufix += 2 + incr;
		}
	}
	return bufix;
}

/* Format the specified option so that a human can easily read it. */

char *pretty_print_option (code, data, len, emit_commas, emit_quotes)
	unsigned int code;
	unsigned char *data;
	int len;
	int emit_commas;
	int emit_quotes;
{
	static char optbuf [32768]; /* XXX */
	int hunksize = 0;
	int numhunk = -1;
	int numelem = 0;
	char fmtbuf [32];
	int i, j, k;
	char *op = optbuf;
	int opleft = sizeof(optbuf);
	unsigned char *dp = data;
	struct in_addr foo;
	char comma;


	/* Code should be between 0 and 255. */
	if (code > 255)
		error ("pretty_print_option: bad code %d\n", code);

	if (emit_commas)
		comma = ',';
	else
		comma = ' ';

	/* Figure out the size of the data. */
	for (i = 0; dhcp_options [code].format [i]; i++) {
		if (!numhunk) {
			warn ("%s: Excess information in format string: %s",
			      dhcp_options [code].name,
			      &(dhcp_options [code].format [i]));
			break;
		}
		numelem++;
		fmtbuf [i] = dhcp_options [code].format [i];
		switch (dhcp_options [code].format [i]) {
		      case 'A':
			--numelem;
			fmtbuf [i] = 0;
			numhunk = 0;
			break;
		      case 'X':
			for (k = 0; k < len; k++) {
				if (!isascii (data [k]) ||
				    !isprint (data [k]))
					break;
			}
			if (k == len) {
				fmtbuf [i] = 't';
				numhunk = -2;
			} else {
				fmtbuf [i] = 'x';
				hunksize++;
				comma = ':';
				numhunk = 0;
			}
			fmtbuf [i + 1] = 0;
			break;
		      case 't':
			fmtbuf [i] = 't';
			fmtbuf [i + 1] = 0;
			numhunk = -2;
			break;
		      case 'I':
		      case 'l':
		      case 'L':
			hunksize += 4;
			break;
		      case 's':
		      case 'S':
			hunksize += 2;
			break;
		      case 'b':
		      case 'B':
		      case 'f':
			hunksize++;
			break;
		      case 'e':
			break;
		      default:
			warn ("%s: garbage in format string: %s",
			      dhcp_options [code].name,
			      &(dhcp_options [code].format [i]));
			break;
		}
	}

	/* Check for too few bytes... */
	if (hunksize > len) {
		warn ("%s: expecting at least %d bytes; got %d",
		      dhcp_options [code].name,
		      hunksize, len);
		return "<error>";
	}
	/* Check for too many bytes... */
	if (numhunk == -1 && hunksize < len)
		warn ("%s: %d extra bytes",
		      dhcp_options [code].name,
		      len - hunksize);

	/* If this is an array, compute its size. */
	if (!numhunk)
		numhunk = len / hunksize;
	/* See if we got an exact number of hunks. */
	if (numhunk > 0 && numhunk * hunksize < len)
		warn ("%s: %d extra bytes at end of array",
		      dhcp_options [code].name,
		      len - numhunk * hunksize);

	/* A one-hunk array prints the same as a single hunk. */
	if (numhunk < 0)
		numhunk = 1;

	/* Cycle through the array (or hunk) printing the data. */
	for (i = 0; i < numhunk; i++) {
		for (j = 0; j < numelem; j++) {
		        int opcount;
			switch (fmtbuf [j]) {
			      case 't':
				if (emit_quotes) {
					*op++ = '"';
					opleft--;
				}
				for (; dp < data + len; dp++) {
					if (!isascii (*dp) ||
					    !isprint (*dp)) {
						if (dp + 1 != data + len ||
						    *dp != 0) {
							snprintf(op, opleft,
							    "\\%03o", *dp);
							op += 4;
							opleft -= 4;
						}
					} else if (*dp == '"' ||
						   *dp == '\'' ||
						   *dp == '$' ||
						   *dp == '`' ||
						   *dp == '\\') {
						*op++ = '\\';
						*op++ = *dp;
						opleft -= 2;
					} else {
						*op++ = *dp;
						opleft--;
					}
				}
				if (emit_quotes) {
					*op++ = '"';
					opleft--;
				}

				*op = 0;
				break;
			      case 'I':
				foo.s_addr = htonl(getULong (dp));
				opcount = strlcpy(op, inet_ntoa (foo),
			          opleft);
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				dp += 4;
				break;
			      case 'l':
				opcount = snprintf(op, opleft,"%ld",
				  (long)getLong (dp));
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				dp += 4;
				break;
			      case 'L':
				opcount = snprintf(op, opleft, "%ld",
				  (unsigned long)getULong (dp));
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				dp += 4;
				break;
			      case 's':
				opcount = snprintf(op, opleft, "%d",
				  getShort (dp));
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				dp += 2;
				break;
			      case 'S':
				opcount = snprintf(op, opleft, "%d",
				  getUShort (dp));
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				dp += 2;
				break;
			      case 'b':
				opcount = snprintf(op, opleft, "%d",
				  *(char *)dp++);
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				break;
			      case 'B':
				opcount = snprintf(op, opleft, "%d", *dp++);
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				break;
			      case 'x':
				opcount = snprintf(op, opleft, "%x", *dp++);
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				break;
			      case 'f':
				opcount = strlcpy(op,
				  *dp++ ? "true" : "false", opleft);
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				break;
			      default:
				warn ("Unexpected format code %c", fmtbuf [j]);
			}
			op += strlen (op);
			opleft -= strlen(op);
			if (opleft < 1)
				goto toobig;
			if (j + 1 < numelem && comma != ':') {
				*op++ = ' ';
				opleft--;
			}
		}
		if (i + 1 < numhunk) {
			*op++ = comma;
			opleft--;
		}
		if (opleft < 1)
			goto toobig;

	}
	return optbuf;
 toobig:
	warn ("dhcp option too large");
	return "<error>";
}

void do_packet (interface, packet, len, from_port, from, hfrom)
	struct interface_info *interface;
	struct dhcp_packet *packet;
	int len;
	unsigned int from_port;
	struct iaddr from;
	struct hardware *hfrom;
{
	struct packet tp;
	int i;

	if (packet -> hlen > sizeof packet -> chaddr) {
		note ("Discarding packet with invalid hlen.");
		return;
	}

	memset (&tp, 0, sizeof tp);
	tp.raw = packet;
	tp.packet_length = len;
	tp.client_port = from_port;
	tp.client_addr = from;
	tp.interface = interface;
	tp.haddr = hfrom;

	parse_options (&tp);
	if (tp.options_valid &&
	    tp.options [DHO_DHCP_MESSAGE_TYPE].data)
		tp.packet_type =
			tp.options [DHO_DHCP_MESSAGE_TYPE].data [0];
	if (tp.packet_type)
		dhcp (&tp);
	else
		bootp (&tp);

	/* Free the data associated with the options. */
	for (i = 0; i < 256; i++) {
		if (tp.options [i].len && tp.options [i].data)
			dfree (tp.options [i].data, "do_packet");
	}
}