- Strict checks for content of domain-name DHCPv4 option can now be

configured during compilation time. Even though RFC2132 does not allow to store more than one domain in domain-name option, such behavior is now enabled by default, but this may change some time in the future. See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h. [ISC-Bugs #24167]
2025-08-22 09:57:20 +00:00 · 2011-07-01 12:07:09 +00:00 · 2011-07-01 12:07:09 +00:00 · d15aa96419
commit d15aa96419
parent f8cc78bad3
6 changed files with 48 additions and 28 deletions
--- a/7
+++ b/7
@ -174,6 +174,13 @@ work on other platforms. Please report any problems and suggested fixes to
 - In Solaris 11 switch to using sockets instead of DLPI, thanks
  to a patch form Oracle.  [ISC-Bugs #24634].

+- Strict checks for content of domain-name DHCPv4 option can now be 
+  configured during compilation time. Even though RFC2132 does not allow 
+  to store more than one domain in domain-name option, such behavior is 
+  now enabled by default, but this may change some time in the future.
+  See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
+  [ISC-Bugs #24167]
+
 			Changes since 4.2.0

 - Documentation cleanup covering multiple tickets
--- a/client/dhclient.c
+++ b/client/dhclient.c
@ -4201,8 +4201,13 @@ static int check_option_values(struct universe *universe,
 	/* just reject options we want to protect, will be escaped anyway */
 	if ((universe == NULL) || (universe == &dhcp_universe)) {
 		switch(opt) {
-		      case DHO_HOST_NAME:
 		      case DHO_DOMAIN_NAME:
+#ifdef ACCEPT_LIST_IN_DOMAIN_NAME
+			      return check_domain_name_list(ptr, len, 0);
+#else
+			      return check_domain_name(ptr, len, 0);
+#endif
+		      case DHO_HOST_NAME:
 		      case DHO_NIS_DOMAIN:
 		      case DHO_NETBIOS_SCOPE:
 			return check_domain_name(ptr, len, 0);
--- a/common/parse.c
+++ b/common/parse.c
@ -3324,6 +3324,33 @@ int parse_boolean_expression (expr, cfile, lose)
 	return 1;
 }

+/* boolean :== ON SEMI | OFF SEMI | TRUE SEMI | FALSE SEMI */
+
+int parse_boolean (cfile)
+	struct parse *cfile;
+{
+	enum dhcp_token token;
+	const char *val;
+	int rv;
+
+	token = next_token (&val, (unsigned *)0, cfile);
+	if (!strcasecmp (val, "true")
+	    || !strcasecmp (val, "on"))
+		rv = 1;
+	else if (!strcasecmp (val, "false")
+		 || !strcasecmp (val, "off"))
+		rv = 0;
+	else {
+		parse_warn (cfile,
+			    "boolean value (true/false/on/off) expected");
+		skip_to_semi (cfile);
+		return 0;
+	}
+	parse_semi (cfile);
+	return rv;
+}
+
+
 /*
 * data_expression :== SUBSTRING LPAREN data-expression COMMA
 *					numeric-expression COMMA
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@ -1899,7 +1899,6 @@ void parse_failover_state (struct parse *,
 #endif
 int permit_list_match (struct permit *, struct permit *);
 void parse_pool_statement (struct parse *, struct group *, int);
-int parse_boolean (struct parse *);
 int parse_lbrace (struct parse *);
 void parse_host_declaration (struct parse *, struct group *);
 int parse_class_declaration (struct class **, struct parse *,
@ -1982,6 +1981,7 @@ int parse_if_statement (struct executable_statement **,
 			struct parse *, int *);
 int parse_boolean_expression (struct expression **,
 			      struct parse *, int *);
+int parse_boolean (struct parse *);
 int parse_data_expression (struct expression **,
 			   struct parse *, int *);
 int parse_numeric_expression (struct expression **,
--- a/includes/site.h
+++ b/includes/site.h
@ -216,3 +216,10 @@
   source port of the message it received.  This is useful for testing
   but is only included for backwards compatibility. */
 /* #define REPLY_TO_SOURCE_PORT */
+
+/* Define this if you want to allow domain list in domain-name option.
+   RFC2132 does not allow that behavior, but it is somewhat used due
+   to historic reasons. Note that it may be removed some time in the
+   future. */
+
+#define ACCEPT_LIST_IN_DOMAIN_NAME
--- a/server/confpars.c
+++ b/server/confpars.c
@ -1721,32 +1721,6 @@ cleanup:
 	pool_dereference (&pool, MDL);
 }

-/* boolean :== ON SEMI | OFF SEMI | TRUE SEMI | FALSE SEMI */
-
-int parse_boolean (cfile)
-	struct parse *cfile;
-{
-	enum dhcp_token token;
-	const char *val;
-	int rv;
-
-	token = next_token (&val, (unsigned *)0, cfile);
-	if (!strcasecmp (val, "true")
-	    || !strcasecmp (val, "on"))
-		rv = 1;
-	else if (!strcasecmp (val, "false")
-		 || !strcasecmp (val, "off"))
-		rv = 0;
-	else {
-		parse_warn (cfile,
-			    "boolean value (true/false/on/off) expected");
-		skip_to_semi (cfile);
-		return 0;
-	}
-	parse_semi (cfile);
-	return rv;
-}
-
 /* Expect a left brace; if there isn't one, skip over the rest of the
   statement and return zero; otherwise, return 1. */