From 4a85f18938e4bf2b1c33a4db1801a5f72c0b8787 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 11 Feb 2016 23:50:47 +0000
Subject: [PATCH] Add TFTP/PXE-related DHCP options. patch by Mike Rykowski

---
 CHANGELOG       |  4 ++++
 nselib/dhcp.lua | 10 ++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index ea271a583..c0520061e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Added support for DHCP options "TFTP server name" and "Bootfile name"
+  to dhcp.lua and enabled checking for options with a code above 61 by default.
+  [Mike Rykowski]
+
 o Removed 6/8, 7/8, and 55/8 networks from the list of "reserved" IP addresses
   that Nmap uses to filter -iR randomly generated targets. These address ranges
   belong to the U.S. Department of Defense, so users wanting to avoid those
diff --git a/nselib/dhcp.lua b/nselib/dhcp.lua
index b3f943cc2..81941dbc2 100644
--- a/nselib/dhcp.lua
+++ b/nselib/dhcp.lua
@@ -346,6 +346,8 @@ actions[58] = {name="Renewal Time Value",              func=read_time,
 actions[59] = {name="Rebinding Time Value",            func=read_time,           default=false}
 actions[60] = {name="Class Identifier",                func=read_string,         default=false}
 actions[61] = {name="Client Identifier (client)",      func=read_string,         default=false}
+actions[66] = {name="TFTP Server Name",                func=read_string,         default=false}
+actions[67] = {name="Bootfile Name",                   func=read_string,         default=false}
 actions[252]= {name="WPAD",                            func=read_string,         default=false}
 
 --- Does the send/receive, doesn't build/parse anything.
@@ -411,13 +413,9 @@ function dhcp_build(request_type, ip_address, mac_address, options, request_opti
   if(request_options == nil) then
     -- Request the defaults, or there's no verbosity; otherwise, request everything!
     request_options = ''
-    for i = 1, 61, 1 do
-      if(nmap.verbosity() > 0) then
+    for i,v in pairs(actions) do
+      if(v.default or nmap.verbosity() > 0) then
         request_options = request_options .. string.char(i)
-      else
-        if(actions[i] and actions[i].default) then
-          request_options = request_options .. string.char(i)
-        end
       end
     end
   end