dhcp_handlebootp handled zero sized packets correctly, but
dhcp_redirect_dhcp did not have such protection. Move size check before
both of them. Size when called from dhcp_packet is checked by
is_packet_udp_bootp call. Only dhcp_recvmsg needs earlier checking to be
added.
Fixes #283

Also, drop the lease.
This should get us a new address from the DHCP server when we
re-enter DISCOVER to avoid looping on the same address and fail
again.

RFC 5227 recommends 3 ways to deal with address conflict detection.
a) Stop everything.
b) Defend and then stop on fail - this is what dhcpcd currently does.
c) Notify and carry on.
The current change implements the option c. A new option arp_persistdefence
has been added and when this is enabled, a defence is attempted upon a
conflict and when that fails, an error is logged on every other conflict
within the DEFEND_INTERVAL and the current IP address is retained.
Fixes #272

- is an invalid interface name.
So we take this to mean don't assign the Delegated Prefix to
any interfaces.
The reject route for the Delegated Prefix is still installed.
Fixes #270

Changing from PD to IA or IA to PD can result in a diagnostic
when there is no address to confirm AND we haven't loaded
a lease.
This improves the check and no more Success errors should
be reported.

We need the full configuration - for example dhcpcd.conf
might have environment options for the hooks for the interface
being activated.
Because we now guard against starting protocols with IF_ACTIVE_USER
this is safe.
Fixes #257.

For some reason, the stdio callback is extremely flaky on
*some* Linux based distributions making it very hard to debug some
things.
Removing it is fine because we now enforce that we have file descriptors
for stdin, stdout and stderr on launch and dup them to /dev/null on daemonise.
It's also interesting to see behavioural differences between
some socketpair implementations that emit a HANGUP and some don't.
As such, we now close the fork socket on daemonise once more AND
in the fork_cb depending on if we hangup or read zero first.
Fixes #262

This fixes non privsep builds where the launcher reports dhcpcd
hungup. Unsure why this happens, but it should not be a problem.
While here, shutdown has no effect on non STREAM sockets and
remove the silly error logging in fork_cb that we read an
error. We already printed the error so this makes no sense.
Hopefully fixes #262.

Closing it early results in zero length reads in some situations.
Logging that we forked via the launcher process also makes more sense
and allows us to use log* functions.
While here, handle error conditions better by forcing a return
rather than handling an invalid state.
Fixes #260.

These won't be optimised away by the compiler and our arc4random
compat function should use them *if* available.
If none are then a warning will be emitted to say it's potentially insecure.
Hopefully only uclibc users will see this message.
Fixes #252.

This allows us to dup stdout and stderr onto stdin which is
guaranteed to be dupped to /dev/null.
This in turn avoids SIGPIPE when the privileged process launches
the script and it wants to write to stdout/stderr or stupidly
read from stdin.

Use memset instead of explicit_bzero to avoid the following build
failure with uclibc-ng since version 10.0.3 and
837d09e34c:
/home/fabrice/buildroot/output/host/lib/gcc/arm-buildroot-linux-uclibcgnueabi/12.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../compat/arc4random.o: in function `_rs_stir_if_needed':
arc4random.c:(.text+0x8cc): undefined reference to `explicit_bzero'
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

musl libc doesn't have __NR_clock_gettime definition,
but has __NR_clock_gettime32. clock_gettime implementation
falls back to 32-bit version if 64-bit is not supported by the kernel.
Signed-off-by: Oleg Lyovin <ovlevin@sberdevices.ru>

The issue occurred while compiled by musl toolchain:
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = ?
+++ killed by SIGSYS +++
This patch allows seccomp to make __NR_mmap2 syscall.
Signed-off-by: Oleg Lyovin <ovlevin@sberdevices.ru>

Currently we don't attempt to validate a uri given, aside from
not allowing any space characters within.
If the option is `array uri` then the first two bytes are the
length of the uri in network order and the rest is a uri element.
The uris are space separated for the variable because space is not
allowed within the uri.
This allows us to implement RFC 8572, Secure Zero Touch Provisioning.
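
An added example, not part of the commit or dhcpcd's source: a decoder for the `array uri` layout described above (two-byte network-order length, then the uri), joining elements with spaces and rejecting whitespace inside one. The function name `uri_array_to_var` and the rejection of empty elements are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper, not dhcpcd's function: decode an "array uri" payload
 * (repeated: 2-byte big-endian length, then that many uri bytes) into a
 * space separated, NUL terminated string.
 * Returns the string length, or -1 if malformed or out is too small. */
ssize_t
uri_array_to_var(const uint8_t *data, size_t dlen, char *out, size_t outlen)
{
	size_t off = 0, used = 0;

	if (outlen == 0)
		return -1;
	while (off < dlen) {
		size_t ulen, i;

		/* A length field needs two bytes; a lone trailing byte is malformed. */
		if (dlen - off < 2)
			return -1;
		ulen = ((size_t)data[off] << 8) | data[off + 1];
		off += 2;
		/* Assumption: empty elements are rejected. It must fit the payload. */
		if (ulen == 0 || ulen > dlen - off)
			return -1;
		/* Whitespace inside an element would split it in the variable. */
		for (i = 0; i < ulen; i++) {
			if (isspace((unsigned char)data[off + i]))
				return -1;
		}
		/* Room for the separator (if any), the element and the NUL. */
		if (outlen - used < (size_t)(used != 0) + ulen + 1)
			return -1;
		if (used != 0)
			out[used++] = ' ';
		memcpy(out + used, data + off, ulen);
		used += ulen;
		off += ulen;
	}
	out[used] = '\0';
	return (ssize_t)used;
}
```
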
* compat: use OpenSSL RAND_priv_bytes() for entropy
Use OpenSSL random number generator to seed arc4random() if available;
if it fails, fall back to /dev/urandom.
* tests: link eloop-bench against LDADD lib
arc4random might depend on libcrypto so we need to link it.

The payload of the prefix exclude option was correctly created
but the amount of bytes to send in the DHCPv6 request was
always set to 0 which resulted in an invalid prefix exclude option.
This patch fixes this behavior by calculating the correct amount
of bytes to send.

Privsep has a mini-eloop for reading data from other processes.
This mini-eloop processes signals as well so we can reap children.
During teardown we don't want to process SIGTERM or SIGINT again,
as that could trigger memory issues.
Hopefully fixes #247.

The optind gets overwritten by reload_config(), so the reconf_reboot()
used a wrong argument count.
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>

* compat: Add OpenSSL libcrypto compatibility layer
Detect libcrypto in configure script. Only fall back
to using libcrypto when /usr libs are allowed and no
other compatible implementation is available or when
--with-openssl is passed explicitly.
Make sure libcrypto and libmd are never linked at the
same time.
Add OpenSSL based SHA256 and HMAC compat shims in
compat/crypt_openssl. Depending on version and build flags,
libcrypto ships with a compatible SHA256 API in
"openssl/sha.h". OpenSSL 3 has deprecated the SHA API,
so if it is not detected we fall back to an EVP_DIGEST
based version.
Because the API might still be in use in OpenSSL internally,
the compatibility wrappers have a dhcpcd_ prefix to avoid
symbol conflicts.
* Add sha256 tests based on the existing hmac-md5 tests.