From 59617f076d7cbdd04a341bf7cfb5f3d9772b5765 Mon Sep 17 00:00:00 2001
From: Eric Luehrsen
Date: Thu, 16 Aug 2018 21:37:43 -0400
Subject: [PATCH] unbound: drop odhcpd leases with wrong field count
Signed-off-by: Eric Luehrsen
---
 net/unbound/Makefile | 2 +-
 net/unbound/files/odhcpd.awk | 109 ++++++++++++++++++-----------------
 2 files changed, 56 insertions(+), 55 deletions(-)
diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 72c4bfc48b..3700c24d1d 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=unbound
 PKG_VERSION:=1.7.3
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk
index ca0595773e..b97f2f1aab 100644
--- a/net/unbound/files/odhcpd.awk
+++ b/net/unbound/files/odhcpd.awk
@@ -37,6 +37,12 @@
 sub( /.*\//, "", cdr2 ) ;
+ if ( hst !~ /^[[:alnum:]]([-[:alnum:]]*[[:alnum:]])?$/ ) {
+ # that is not a valid host name (RFC1123)
+ hst = "-" ;
+ }
+
+
 if ( bisolt == 1 ) {
 # TODO: this might be better with a substituion option,
 # or per DHCP pool do-not-DNS option, but its getting busy here.
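Review bot: The added host name test has no length bound although its comment cites RFC 1123, which limits a label to 63 octets, so an over-long name still passes the check. Adding the limit to the condition keeps the code in line with the comment: `if ( length( hst ) > 63 || hst !~ /^[[:alnum:]]([-[:alnum:]]*[[:alnum:]])?$/ ) {`. Where `fqdn` is built is outside this hunk; if it is derived from `hst`, the check only protects the generated `local-data` records when it runs before that assignment, which should be confirmed. The commit subject mentions only the field count, so the new host name filtering deserves a line in the description.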
@@ -50,78 +56,69 @@
 }
- if ( cls == "ipv4" ) {
- if ( NF == 8 ) {
- # odhcpd errata in field format without host name
- adr = $8 ; hst = "-" ; cdr = adr ;
- sub( /\/.*/, "", adr ) ;
- sub( /.*\//, "", cdr ) ;
- }
-
-
- if (( cdr == 32 ) && ( hst != "-" )) {
- # only for provided hostnames and full /32 assignments
- ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ;
- slaac = slaac_eui64( id ) ;
+ if ((cls == "ipv4") && (hst != "-") && (cdr == 32) && (NF == 9)) {
+ # IPV4 ; only for provided hostnames and full /32 assignments
+ # NF=9 ; odhcpd errata in field format without host name
+ ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ;
+ slaac = slaac_eui64( id ) ;
- if ( bconf == 1 ) {
- x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ;
- y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
- print ( x "\n" y "\n" ) > hostfile ;
- }
+ if ( bconf == 1 ) {
+ x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ;
+ y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
+ print ( x "\n" y "\n" ) > hostfile ;
+ }
- else {
- for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
- x = ( fqdn ". 300 IN A " adr ) ;
- y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ;
- print ( x "\n" y ) > hostfile ;
- }
+ else {
+ for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
+ x = ( fqdn ". 300 IN A " adr ) ;
+ y = ( qpr "in-addr.arpa. 
300 IN PTR " fqdn ) ;
+ print ( x "\n" y ) > hostfile ;
+ }
- if (( bslaac == 1 ) && ( slaac != 0 )) {
- # UCI option to discover IPV6 routed SLAAC addresses
- # NOT TODO - ping probe take too long when added in awk-rule loop
- cmd = ( "ip -6 --oneline route show dev " net ) ;
+ if (( bslaac == 1 ) && ( slaac != 0 )) {
+ # UCI option to discover IPV6 routed SLAAC addresses
+ # NOT TODO - ping probe take too long when added in awk-rule loop
+ cmd = ( "ip -6 --oneline route show dev " net ) ;
- while ( ( cmd | getline adr ) > 0 ) {
- if (( substr( adr, 1, 5 ) <= "fdff:" ) \
- && ( index( adr, "anycast" ) == 0 ) \
- && ( index( adr, "via" ) == 0 )) {
- # GA or ULA routed addresses only (not LL or MC)
- sub( /\/.*/, "", adr ) ;
- adr = ( adr slaac ) ;
+ while ( ( cmd | getline adr ) > 0 ) {
+ if (( substr( adr, 1, 5 ) <= "fdff:" ) \
+ && ( index( adr, "anycast" ) == 0 ) \
+ && ( index( adr, "via" ) == 0 )) {
+ # GA or ULA routed addresses only (not LL or MC)
+ sub( /\/.*/, "", adr ) ;
+ adr = ( adr slaac ) ;
- if ( split( adr, tmp0, ":" ) > 8 ) {
- sub( "::", ":", adr ) ;
- }
+ if ( split( adr, tmp0, ":" ) > 8 ) {
+ sub( "::", ":", adr ) ;
+ }
- if ( bconf == 1 ) {
- x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
- y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
- print ( x "\n" y "\n" ) > hostfile ;
- }
+ if ( bconf == 1 ) {
+ x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
+ y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
+ print ( x "\n" y "\n" ) > hostfile ;
+ }
- else {
- qpr = ipv6_ptr( adr ) ;
- x = ( fqdn ". 300 IN AAAA " adr ) ;
- y = ( qpr ". 300 IN PTR " fqdn ) ;
- print ( x "\n" y ) > hostfile ;
- }
+ else {
+ qpr = ipv6_ptr( adr ) ;
+ x = ( fqdn ". 300 IN AAAA " adr ) ;
+ y = ( qpr ". 
300 IN PTR " fqdn ) ;
+ print ( x "\n" y ) > hostfile ;
 }
 }
+ }
- close( cmd ) ;
- }
+ close( cmd ) ;
 }
 }
- else {
- if (( cdr == 128 ) && ( hst != "-" )) {
+ else if ((cls != "ipv4") && (hst != "-") && (9 <= NF) && (NF <= 10)) {
+ if (cdr == 128) {
 if ( bconf == 1 ) {
 x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
 y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
@@ -137,7 +134,7 @@
 }
 }
- if (( cdr2 == 128 ) && ( hst != "-" )) {
+ if (cdr2 == 128) {
 if ( bconf == 1 ) {
 x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr2 "\"" ) ;
 y = ( "local-data-ptr: \"" adr2 " 300 " fqdn "\"" ) ;
@@ -153,6 +150,10 @@
 }
 }
 }
+
+ else {
+ # dump non-conforming lease records
+ }
 }
 ##############################################################################
-- 
2.30.2
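Review bot: In the `bslaac` branch `net` is concatenated into the command string `"ip -6 --oneline route show dev " net` that is run through `cmd | getline`, and unlike `hst` it gets no format check anywhere in this patch. Its assignment is outside the hunk; if it is read from a lease-file field, the branch should be guarded with an allow-list, for example `if (( bslaac == 1 ) && ( slaac != 0 ) && ( net ~ /^[[:alnum:]_.-]+$/ )) {`. Separately, the comment `# NF=9 ; odhcpd errata in field format without host name` reads as if nine fields were the errata case, whereas the removed code treated `NF == 8` that way; `# NF must be 9 ; records without a host name field (NF=8) are skipped` would describe what the condition does. The enclosing awk rule starts before this hunk.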
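Review bot: The new final `else` branch is empty and its comment says "dump", which can be read as printing the record rather than discarding it. `# non-conforming lease records are dropped without output` states what actually happens. Because nothing is emitted, a lease line with an unexpected field count disappears silently; a counter or a message on stderr would make such records visible when someone is diagnosing missing names or malformed lease data. The enclosing rule starts outside this hunk.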