author | Scott Ullrich <sullrich@pfsense.org> | 2011-04-07 16:11:45 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2011-04-07 16:11:45 -0400 |
commit | 955f2d788edae3c65506ffa12de18e023fd95ae4 (patch) | |
tree | 436dc4897c907a41432776d56435d0f3eaa16503 /sbin | |
parent | e05458b052275b5ae881098f15695eba830aae46 (diff) | |
Use some Seth egrep foo to protect from compromised DHCP servers. CVE-2011-0997
Diffstat (limited to 'sbin')
-rwxr-xr-x | sbin/dhclient-script | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sbin/dhclient-script b/sbin/dhclient-script
index e51132e..0f409a3 100755
--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -232,13 +232,14 @@ add_new_resolv_conf() {
 if [ -n "$new_domain_name_servers" ]; then
 /bin/rm -f /var/etc/nameserver_$interface
 for nameserver in $new_domain_name_servers; do
+ nameserver_sanitized=`echo '$nameserver' | egrep -o '([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|[0-9a-f]+:)'`
 # Add a route to the nameserver out the correct interface
 # so that mulitple wans work correctly with multiple dns
 # also backup the nameserver for later route removal
- echo $nameserver >>/var/etc/nameserver_$interface
- $ROUTE add $nameserver -iface $interface
+ echo '$nameserver_sanitized' >>/var/etc/nameserver_$interface
+ $ROUTE add $nameserver_sanitized -iface $interface
 done
- echo $new_domain_name >/var/etc/searchdomain_$interface
+ echo $new_domain_name | egrep -o "[0-9\.]+" >/var/etc/searchdomain_$interface
 fi
 
 return 0
|
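Review bot: The single quotes in the added `echo '$nameserver'` and `echo '$nameserver_sanitized'` stop the shell from expanding the variable, so egrep filters the literal text `$nameserver`, `nameserver_sanitized` comes out empty, the file receives the literal string `$nameserver_sanitized`, and `$ROUTE add` runs with no address. Double-quoting the expansions keeps the DHCP-supplied value as data without dropping it, and an empty-result guard avoids calling route with nothing. The patterns also need adjusting: `[0-9a-f]+:` matches one colon-terminated group at a time, so `-o` would emit IPv6 fragments on separate lines, and `[0-9\.]+` has no letters or hyphen, so a search domain like example.com is reduced to its dots. The sketch below anchors the address patterns and allows hostname characters for the domain; add_new_resolv_conf starts and ends outside the hunk.

```shell
for nameserver in $new_domain_name_servers; do
	# accept only a whole IPv4 dotted quad or a hex-and-colon IPv6 literal
	nameserver_sanitized=$(printf '%s\n' "$nameserver" | egrep -o '^([0-9]+\.){3}[0-9]+$|^[0-9A-Fa-f]*:[0-9A-Fa-f:]+$')
	# nothing survived the filter: do not write or route an empty value
	[ -n "$nameserver_sanitized" ] || continue
	# … unchanged: comment about per-interface nameserver routes …
	echo "$nameserver_sanitized" >>/var/etc/nameserver_$interface
	$ROUTE add "$nameserver_sanitized" -iface $interface
done
# keep hostname characters only; shell metacharacters are dropped
echo "$new_domain_name" | egrep -o '[A-Za-z0-9.-]+' >/var/etc/searchdomain_$interface
```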