From 020abc8856f94d6e355f4daa972ac75fb05ae113 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Tue, 14 Jan 2020 17:05:48 +0100
Subject: udhcpd: mangle hostnames starting with dash ("-option")

function                                             old     new   delta
add_lease                                            316     328     +12

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 networking/udhcp/dhcpd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/networking/udhcp/dhcpd.c b/networking/udhcp/dhcpd.c
index 3e08ec011..9d6604943 100644
--- a/networking/udhcp/dhcpd.c
+++ b/networking/udhcp/dhcpd.c
@@ -192,6 +192,8 @@ static struct dyn_lease *add_lease(
 			 * but merely make dumpleases output safe for shells to use.
 			 * We accept "0-9A-Za-z._-", all other chars turn to dots.
 			 */
+			if (*p == '-')
+				*p = '.'; /* defeat "-option" attacks too */
 			while (*p) {
 				if (!isalnum(*p) && *p != '-' && *p != '_')
 					*p = '.';
-- 
cgit v1.2.3