[PATCH] udhcpd: do not hand out an address that is reserved for another machine
Ramsay, Lincoln
Lincoln.Ramsay at digi.com
Tue Feb 9 06:34:13 UTC 2021
If a client sends a DHCP DISCOVER with a DHCP_REQUESTED_IP that is a
static lease for another machine, do not allow it.
Signed-off-by: Lincoln Ramsay <lincoln.ramsay at opengear.com>
---
I sent this patch back in December but didn't see any replies. I'm sending it again just in case it was missed due to the holidays :)
If a machine sends a DHCPDISCOVER with DHCP_REQUESTED_IP, the server should only allow it if it falls in the valid range, if it is not already leased out, or if it has not been reserved for another machine (via static reservation).
However, udhcpd skips this last check, which allows a misbehaving client to steal a machine's statically-allocated address.
We discovered this by changing a static reservation, only to find that the address was being used by the wrong machine because udhcpd was allowing it to steal the address.
The patch here will cause the server to ignore the DHCP_REQUESTED_IP in the event that it is a static lease for another machine. The server will fall back to the available pool of addresses as if the DHCP_REQUESTED_IP was not included.
networking/udhcp/dhcpd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/networking/udhcp/dhcpd.c b/networking/udhcp/dhcpd.c
index 9d66049..20c3956 100644
--- a/networking/udhcp/dhcpd.c
+++ b/networking/udhcp/dhcpd.c
@@ -743,6 +743,8 @@ static NOINLINE void send_offer(struct dhcp_packet *oldpacket,
/* and the IP is in the lease range */
&& ntohl(requested_nip) >= server_data.start_ip
&& ntohl(requested_nip) <= server_data.end_ip
+ /* and the IP does not belong to a static lease for a different machine */
+ && !is_nip_reserved_as_static(requested_nip)
/* and */
&& ( !(lease = find_lease_by_nip(requested_nip)) /* is not already taken */
|| is_expired_lease(lease) /* or is taken, but expired */
--
2.17.1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20210209/e7591de3/attachment-0001.html>
More information about the busybox
mailing list