unbound: drop odhcpd leases with wrong field count

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com> (cherry pick commit: 59617f076d)
2018-08-16 21:37:43 -04:00 · 2018-08-16 21:37:43 -04:00 · cad5ceed6a
parent 7dd5529bf8
commit cad5ceed6a
2 changed files with 62 additions and 60 deletions
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=unbound
 PKG_VERSION:=1.6.8
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
--- a/net/unbound/files/odhcpd.awk
+++ b/net/unbound/files/odhcpd.awk
@ -37,6 +37,12 @@
  sub( /.*\//, "", cdr2 ) ;


+  if ( hst !~ /^[[:alnum:]]([-[:alnum:]]*[[:alnum:]])?$/ ) {
+    # that is not a valid host name (RFC1123)
+    hst = "-" ;
+  }
+
+
  if ( bisolt == 1 ) {
    # TODO: this might be better with a substituion option,
    # or per DHCP pool do-not-DNS option, but its getting busy here.
@ -50,81 +56,73 @@
  }


-  if ( cls == "ipv4" ) {
-    if ( NF == 8 ) {
-      # odhcpd errata in field format without host name
-      adr = $8 ; hst = "-" ; cdr = adr ;
-      sub( /\/.*/, "", adr ) ;
-      sub( /.*\//, "", cdr ) ;
+  if ((cls == "ipv4") && (hst != "-") && (cdr == 32) && (NF == 9)) {
+    # IPV4 ; only for provided hostnames and full /32 assignments
+    # NF=9 ; odhcpd errata in field format without host name
+    ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ;
+    slaac = slaac_eui64( id ) ;
+
+
+    if ( bconf == 1 ) {
+      x = ( "local-data: \"" fqdn ". 120 IN A " adr "\"" ) ;
+      y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+      print ( x "\n" y "\n" ) > hostfile ;
+    }
+
+    else {
+      for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
+      x = ( fqdn ". 120 IN A " adr ) ;
+      y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ;
+      print ( x "\n" y ) > hostfile ;
    }


-    if (( cdr == 32 ) && ( hst != "-" )) {
-      # only for provided hostnames and full /32 assignments
-      ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ;
-      slaac = slaac_eui64( id ) ;
+    if (( bslaac == 1 ) && ( slaac != 0 )) {
+      # UCI option to discover IPV6 routed SLAAC addresses
+      # NOT TODO - ping probe take too long when added in awk-rule loop
+      cmd = ( "ip -6 --oneline route show dev " net ) ;


-      if ( bconf == 1 ) {
-        x = ( "local-data: \"" fqdn ". 120 IN A " adr "\"" ) ;
-        y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
-        print ( x "\n" y ) > hostfile ;
-      }
-
-      else {
-        for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
-        x = ( fqdn ". 120 IN A " adr ) ;
-        y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ;
-        print ( x "\n" y ) > hostfile ;
-      }
+      while ( ( cmd | getline adr ) > 0 ) {
+        if (( substr( adr, 1, 5 ) <= "fdff:" ) \
+        && ( index( adr, "anycast" ) == 0 ) \
+        && ( index( adr, "via" ) == 0 )) {
+          # GA or ULA routed addresses only (not LL or MC)
+          sub( /\/.*/, "", adr ) ;
+          adr = ( adr slaac ) ;


-      if (( bslaac == 1 ) && ( slaac != 0 )) {
-        # UCI option to discover IPV6 routed SLAAC addresses
-        # NOT TODO - ping probe take too long when added in awk-rule loop
-        cmd = ( "ip -6 --oneline route show dev " net ) ;
+          if ( split( adr, tmp0, ":" ) > 8 ) {
+            sub( "::", ":", adr ) ;
+          }


-        while ( ( cmd | getline adr ) > 0 ) {
-          if (( substr( adr, 1, 5 ) <= "fd00:" ) \
-          && ( index( adr, "via" ) == 0 )) {
-            # GA or ULA routed addresses only (not LL or MC)
-            sub( /\/.*/, "", adr ) ;
-            adr = ( adr slaac ) ;
-            
-            
-            if ( split( adr, tmp0, ":" ) >= 8 ) { 
-              sub( "::", ":", adr ) ; 
-            }
+          if ( bconf == 1 ) {
+            x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ;
+            y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+            print ( x "\n" y "\n" ) > hostfile ;
+          }

-
-            if ( bconf == 1 ) {
-              x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ;
-              y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
-              print ( x "\n" y ) > hostfile ;
-            }
-
-            else {
-              qpr = ipv6_ptr( adr ) ;
-              x = ( fqdn ". 120 IN AAAA " adr ) ;
-              y = ( qpr ". 120 IN PTR " fqdn ) ;
-              print ( x "\n" y ) > hostfile ;
-            }
+          else {
+            qpr = ipv6_ptr( adr ) ;
+            x = ( fqdn ". 120 IN AAAA " adr ) ;
+            y = ( qpr ". 120 IN PTR " fqdn ) ;
+            print ( x "\n" y ) > hostfile ;
          }
        }
-
-
-        close( cmd ) ;
      }
+
+
+      close( cmd ) ;
    }
  }

-  else {
-    if (( cdr == 128 ) && ( hst != "-" )) {
+  else if ((cls != "ipv4") && (hst != "-") && (9 <= NF) && (NF <= 10)) {
+    if (cdr == 128) {
      if ( bconf == 1 ) {
        x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ;
        y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
-        print ( x "\n" y ) > hostfile ;
+        print ( x "\n" y "\n" ) > hostfile ;
      }

      else {
@ -135,12 +133,12 @@
        print ( x "\n" y ) > hostfile ;
      }
    }
-    
-    if (( cdr2 == 128 ) && ( hst != "-" )) {
+
+    if (cdr2 == 128) {
      if ( bconf == 1 ) {
        x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr2 "\"" ) ;
        y = ( "local-data-ptr: \"" adr2 " 120 " fqdn "\"" ) ;
-        print ( x "\n" y ) > hostfile ;
+        print ( x "\n" y "\n" ) > hostfile ;
      }

      else {
@ -152,6 +150,10 @@
      }
    }
  }
+
+  else {
+    # dump non-conforming lease records
+  }
 }

 ##############################################################################