udhcpd: mangle hostnames starting with dash ("-option") function old new delta add_lease 316 328 +12 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

commit: 020abc8856f94d6e355f4daa972ac75fb05ae113 [log] [tgz]
author: Denys Vlasenko <vda.linux@googlemail.com> Tue Jan 14 17:05:48 2020 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> Tue Jan 14 17:07:18 2020 +0100
tree: 80b17c194d00325fb131d61da4a1876d9f9cba9f
parent: 9ec836c033fc6e55e80f3309b3e05acdf09bb297 [diff]
diff --git a/networking/udhcp/dhcpd.c b/networking/udhcp/dhcpd.c
index 3e08ec0..9d66049 100644
--- a/networking/udhcp/dhcpd.c
+++ b/networking/udhcp/dhcpd.c

@@ -192,6 +192,8 @@
 			 * but merely make dumpleases output safe for shells to use.
 			 * We accept "0-9A-Za-z._-", all other chars turn to dots.
 			 */
+			if (*p == '-')
+				*p = '.'; /* defeat "-option" attacks too */
 			while (*p) {
 				if (!isalnum(*p) && *p != '-' && *p != '_')
 					*p = '.';
commit	020abc8856f94d6e355f4daa972ac75fb05ae113	[log] [tgz]
author	Denys Vlasenko <vda.linux@googlemail.com>	Tue Jan 14 17:05:48 2020 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	Tue Jan 14 17:07:18 2020 +0100
tree	80b17c194d00325fb131d61da4a1876d9f9cba9f
parent	9ec836c033fc6e55e80f3309b3e05acdf09bb297 [diff]