diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2020-01-14 16:05:48 (GMT) |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2020-01-14 16:07:18 (GMT) |
| commit | 020abc8856f94d6e355f4daa972ac75fb05ae113 (patch) | |
| tree | 80b17c194d00325fb131d61da4a1876d9f9cba9f | |
| parent | 9ec836c033fc6e55e80f3309b3e05acdf09bb297 (diff) | |
| download | busybox-020abc8856f94d6e355f4daa972ac75fb05ae113.zip busybox-020abc8856f94d6e355f4daa972ac75fb05ae113.tar.gz busybox-020abc8856f94d6e355f4daa972ac75fb05ae113.tar.bz2 | |
udhcpd: mangle hostnames starting with dash ("-option")
function old new delta
add_lease 316 328 +12
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | networking/udhcp/dhcpd.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/networking/udhcp/dhcpd.c b/networking/udhcp/dhcpd.c index 3e08ec0..9d66049 100644 --- a/networking/udhcp/dhcpd.c +++ b/networking/udhcp/dhcpd.c @@ -192,6 +192,8 @@ static struct dyn_lease *add_lease( * but merely make dumpleases output safe for shells to use. * We accept "0-9A-Za-z._-", all other chars turn to dots. */ + if (*p == '-') + *p = '.'; /* defeat "-option" attacks too */ while (*p) { if (!isalnum(*p) && *p != '-' && *p != '_') *p = '.'; |