From 7ffe9830cf5b8945234e500cd70262fd1f5cf73f Mon Sep 17 00:00:00 2001
From: jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Sun, 14 Nov 2010 05:58:34 +0000
Subject: [package] busybox: add 6RD prefix sanity checking as mandated by
 RFC5969, bump pkg revision

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23990 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/busybox/Makefile                           |  2 +-
 .../patches/244-udhcpc_add_6rd_option.patch        | 58 +++++++++++++---------
 2 files changed, 35 insertions(+), 25 deletions(-)

(limited to 'package/busybox')

diff --git a/package/busybox/Makefile b/package/busybox/Makefile
index e3e51646c..f7e64c097 100644
--- a/package/busybox/Makefile
+++ b/package/busybox/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=busybox
 PKG_VERSION:=1.17.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_FLAGS:=essential
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
diff --git a/package/busybox/patches/244-udhcpc_add_6rd_option.patch b/package/busybox/patches/244-udhcpc_add_6rd_option.patch
index 25c5ebf6f..303770858 100644
--- a/package/busybox/patches/244-udhcpc_add_6rd_option.patch
+++ b/package/busybox/patches/244-udhcpc_add_6rd_option.patch
@@ -58,7 +58,7 @@
  /* really simple implementation, just count the bits */
  static int mton(uint32_t mask)
  {
-@@ -177,6 +195,60 @@ static NOINLINE char *xmalloc_optname_op
+@@ -177,6 +195,70 @@ static NOINLINE char *xmalloc_optname_op
  
  			return ret;
  		}
@@ -85,33 +85,43 @@
 +			 * We convert it to a string "IPv4MaskLen 6rdPrefixLen 6rdPrefix 6rdBRIPv4Address"
 +			 */
 +
-+			/* IPv4MaskLen */
-+			dest += sprintf(dest, "%u ", *option++);
-+			len--;
++			/* Sanity check: ensure that our length is at least 22 bytes, that
++			 * IPv4MaskLen is <= 32, 6rdPrefixLen <= 128 and that the sum of
++			 * (32 - IPv4MaskLen) + 6rdPrefixLen is less than or equal to 128.
++			 * If any of these requirements is not fulfilled, return with empty
++			 * value.
++			 */
++			if ((len >= 22) && (*option <= 32) && (*(option+1) <= 128) &&
++			    (((32 - *option) + *(option+1)) <= 128))
++			{
++				/* IPv4MaskLen */
++				dest += sprintf(dest, "%u ", *option++);
++				len--;
 +
-+			/* 6rdPrefixLen */
-+			dest += sprintf(dest, "%u ", *option++);
-+			len--;
++				/* 6rdPrefixLen */
++				dest += sprintf(dest, "%u ", *option++);
++				len--;
 +
-+			/* 6rdPrefix */
-+			dest += sprint_nip6(dest, "", option);
-+			option += 16;
-+			len -= 16;
++				/* 6rdPrefix */
++				dest += sprint_nip6(dest, "", option);
++				option += 16;
++				len -= 16;
 +
-+			/* 6rdBRIPv4Addresses */
-+			while (len >= 4)
-+			{
-+				dest += sprint_nip(dest, " ", option);
-+				option += 4;
-+				len -= 4;
++				/* 6rdBRIPv4Addresses */
++				while (len >= 4)
++				{
++					dest += sprint_nip(dest, " ", option);
++					option += 4;
++					len -= 4;
 +
-+				/* the code to determine the option size fails to work with
-+				 * lengths that are not a multiple of the minimum length,
-+				 * adding all advertised 6rdBRIPv4Addresses here would
-+				 * overflow the destination buffer, therefore skip the rest
-+				 * for now
-+				 */
-+				break;
++					/* the code to determine the option size fails to work with
++					 * lengths that are not a multiple of the minimum length,
++					 * adding all advertised 6rdBRIPv4Addresses here would
++					 * overflow the destination buffer, therefore skip the rest
++					 * for now
++					 */
++					break;
++				}
 +			}
 +
 +			return ret;
-- 
cgit v1.2.3