From 9f0fdfccc25ce5d533b018a10518c2fcfad0f52e Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski
Date: Wed, 28 Jun 2017 08:24:57 +0200
Subject: [PATCH] dhcp4: own check for user class id strings (bsc#1045522)
---
 client/suse/compat-suse.c | 4 ++--
 dhcp4/dbus-api.c | 3 ++-
 src/dhcp.c | 27 +++++++++++++++++++++++++++
 src/dhcp.h | 2 ++
 4 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/client/suse/compat-suse.c b/client/suse/compat-suse.c
index 8c505834a..5aa7f0037 100644
--- a/client/suse/compat-suse.c
+++ b/client/suse/compat-suse.c
@@ -4961,7 +4961,7 @@ __ni_suse_parse_dhcp4_user_class(const ni_sysconfig_t *sc, ni_compat_netdev_t *c
 ni_string_array_destroy(&names);
 ni_string_array_destroy(&compat->dhcp4.user_class.class_id);
 return FALSE;
- } else if (!ni_check_domain_name(string, length, 0)) {
+ } else if (!ni_dhcp_check_user_class_id(string, length)) {
 ni_warn("%s: %s contains suspect class id element: '%s'", ni_basename(sc->pathname), prefix, ni_print_suspect(string, length));
@@ -4982,7 +4982,7 @@ __ni_suse_parse_dhcp4_user_class(const ni_sysconfig_t *sc, ni_compat_netdev_t *c
 ni_print_suspect(string, length));
 return FALSE;
- } else if (!ni_check_domain_name(string, length, 0)) {
+ } else if (!ni_dhcp_check_user_class_id(string, length)) {
 ni_warn("%s: %s contains suspect class id string: '%s'", ni_basename(sc->pathname), prefix, ni_print_suspect(string, length));
diff --git a/dhcp4/dbus-api.c b/dhcp4/dbus-api.c
index 6d86c5efb..e0babf9f6 100644
--- a/dhcp4/dbus-api.c
+++ b/dhcp4/dbus-api.c
@@ -25,6 +25,7 @@
 #include
 #include "appconfig.h"
 #include "dhcp4/dhcp4.h"
+#include "dhcp.h"
 static ni_dhcp4_request_t * ni_objectmodel_dhcp4_request_from_dict(const ni_dbus_variant_t *);
 static void __ni_objectmodel_dhcp4_device_release(ni_dbus_object_t *);
@@ -329,7 +330,7 @@ ni_objectmodel_dhcp4_request_set_user_class(ni_dbus_object_t *object,
 if (format == NI_DHCP4_USER_CLASS_STRING && uc->class_id.count) break; /* only one user class identifier for this format type */
- if (!ni_check_domain_name(var->string_value, len, 0)) {
+ if (!ni_dhcp_check_user_class_id(var->string_value, len)) {
 ni_warn("Suspect user class id string: '%s' obtained. Skipping.", ni_print_suspect(var->string_value, len));
 return FALSE;
diff --git a/src/dhcp.c b/src/dhcp.c
index ca67da7f4..a6b4a3e66 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -28,6 +28,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -1849,3 +1850,29 @@ ni_dhcp_fqdn_init(ni_dhcp_fqdn_t *fqdn)
 }
 }
+ni_bool_t
+ni_dhcp_check_user_class_id(const char *id, size_t len)
+{
+ const unsigned char *ptr = (const unsigned char *)id;
+
+ if (!id || len == 0)
+ return FALSE;
+
+ for (; *ptr && len-- > 0; ++ptr) {
+ switch (*ptr) {
+ case '+':
+ case '-':
+ case '_':
+ case '.':
+ case ':':
+ case '/':
+ break;
+ default:
+ if (!isalnum(*ptr))
+ return FALSE;
+ break;
+ }
+ }
+ return TRUE;
+}
+
diff --git a/src/dhcp.h b/src/dhcp.h
index ed86e0ad9..a44a80cfb 100644
--- a/src/dhcp.h
+++ b/src/dhcp.h
@@ -142,4 +142,6 @@ extern ni_var_array_t * ni_dhcp_option_to_vars(const ni_dhcp_option_t *, const
 extern ni_bool_t ni_dhcp_domain_encode(ni_buffer_t *, const char *, ni_bool_t);
 extern ni_bool_t ni_dhcp_domain_decode(ni_buffer_t *, char **);
+extern ni_bool_t ni_dhcp_check_user_class_id(const char *, size_t);
+
 #endif /* WICKED_DHCP_H */
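Review bot: In the new `ni_dhcp_check_user_class_id` in src/dhcp.c, the loop condition `*ptr && len-- > 0` stops at the first NUL byte and falls through to `return TRUE`, so a buffer that starts with NUL, or has a NUL before `len` bytes are consumed, is accepted with the remaining bytes never inspected. Because the function takes an explicit length, a NUL inside that length should count as a rejected character; `for (; len-- > 0; ++ptr) {` does that, since `isalnum(0)` is false and the `default:` branch then returns FALSE. Separately, `isalnum()` follows the current locale, so bytes above 0x7f could pass if the process ever runs under a single-byte non-C locale; explicit ASCII range comparisons would keep the accepted alphabet fixed. The callers changed in client/suse/compat-suse.c and dhcp4/dbus-api.c inherit this behaviour, and the diff does not show how their length arguments are derived, so whether the NUL case is reachable there needs checking.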
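Review bot: The prototype added to src/dhcp.h, `ni_dhcp_check_user_class_id(const char *, size_t)`, is exported with no statement of what it accepts, although three call sites now rely on it as the input filter for user class ids. A comment above the declaration would make the contract reviewable, for example `/* TRUE if id is non-empty and holds only alphanumerics and "+-_.:/" */`. It should also say whether the size argument is the exact byte count and how a NUL byte inside it is treated, since the implementation in src/dhcp.c stops at NUL. Leaving the parameters unnamed matches the neighbouring declarations in this header.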