Message-ID: <CAFERDQ1yq=jBGu8e2qJeoNFYmKt4jeB835efsYMxGLbLf4cfbQ@mail.gmail.com>
Date: Wed, 3 May 2023 12:06:53 +0200
From: Martin Wetterwald <martin@...terwald.eu>
To: davem@...emloft.net, dsahern@...nel.org
Cc: netdev@...r.kernel.org
Subject: [PATCH] net: ipconfig: Allow DNS to be overwritten by DHCPACK

Some DHCP server implementations only send the important requested DHCP options in the final BOOTP reply (DHCPACK). One example is systemd-networkd.

However, RFC2131, in section 4.3.1 states:

> Once the network address and lease have been determined, the server
> constructs a DHCPOFFER message with the offered configuration
> parameters.
> [...]
> The server MUST return to the client:
> [...]
>    o Parameters requested by the client, according to the following
>      rules:
>
>      -- IF the server has been explicitly configured with a default
>         value for the parameter, the server MUST include that value
>         in an appropriate option in the 'option' field, ELSE

I've reported the issue here: https://github.com/systemd/systemd/issues/27471

The Linux PNP DHCP client implementation only takes into account the DNS servers received in the first BOOTP reply (DHCPOFFER). This usually isn't an issue, as servers are required to put the same values in the DHCPOFFER and DHCPACK. However, RFC2131, in section 4.3.2 states:

> Any configuration parameters in the DHCPACK message SHOULD NOT
> conflict with those in the earlier DHCPOFFER message to which the
> client is responding. The client SHOULD use the parameters in the
> DHCPACK message for configuration.

When making the Linux PNP DHCP client (cmdline ip=dhcp) interact with the systemd-networkd DHCP server, an interesting "protocol misunderstanding" happens: because DNS servers were only specified in the DHCPACK and not in the DHCPOFFER, Linux will not catch the correct DNS servers. In the first BOOTP reply (DHCPOFFER), it sees that there is no DNS, and sets as fallback the IP of the DHCP server itself. When the second BOOTP reply comes (DHCPACK), it's already too late: the kernel will not overwrite the fallback setting it has set previously.
This patch makes the kernel care more about the latest BOOTP reply received for DNS servers selection. A subsequent BOOTP reply wins (in the case of DHCP, this makes DHCPACK win over DHCPOFFER). Signed-off-by: Martin Wetterwald <martin@...terwald.eu> --- net/ipv4/ipconfig.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c index e90bc0aa85c7..c125095453da 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c @@ -937,9 +937,11 @@ static void __init ic_do_bootp_ext(u8 *ext) servers= *ext/4; if (servers > CONF_NAMESERVERS_MAX) servers = CONF_NAMESERVERS_MAX; - for (i = 0; i < servers; i++) { - if (ic_nameservers[i] == NONE) + for (i = 0; i < CONF_NAMESERVERS_MAX; i++) { + if (i < servers) memcpy(&ic_nameservers[i], ext+1+4*i, 4); + else + ic_nameservers[i] = NONE; } break; case 12: /* Host name */ -- 2.40.1
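Review bot: The commit message should spell out two consequences of changing the nameserver loop in ic_do_bootp_ext() to run over all CONF_NAMESERVERS_MAX slots: an ACK whose option carries fewer addresses than the OFFER now clears the surplus slots (`else ic_nameservers[i] = NONE;`), whereas an ACK that carries no nameserver option at all never reaches this branch, so the OFFER's addresses (or the DHCP-server fallback described above) are kept. Both follow from the hunk and fit the stated "subsequent reply wins" intent, but a reader of the log will otherwise wonder whether an absent option empties the list. Since a later reply now replaces earlier values unconditionally instead of only filling empty slots, it would also be worth stating in the message whether ipconfig ties the ACK to the OFFER it answers before this code runs, because the hunk itself performs no such check.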
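To make the OFFER/ACK ordering problem from the commit message concrete, the following added example (not code from the patch author or from the kernel tree) models the nameserver branch of ic_do_bootp_ext() in its pre-patch and post-patch forms and replays the exchange described above: a DHCPOFFER without a nameserver option, followed by a DHCPACK that carries two addresses. The `dhcp_server` address, the option payload and the "empty table gets the DHCP server's address" fallback are constructed assumptions that stand in for the kernel's real fallback logic; addresses come from the RFC 5737 documentation ranges.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the kernel's nameserver table: CONF_NAMESERVERS_MAX slots, NONE = empty.
 * Entries are 4 network-order bytes copied into a uint32_t, as memcpy() in ipconfig.c does. */
#define CONF_NAMESERVERS_MAX 3
#define NONE 0xffffffffU

static uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
	uint8_t bytes[4] = { a, b, c, d };
	uint32_t v;
	memcpy(&v, bytes, 4);
	return v;
}

/* Nameserver option handling before the patch: only empty slots are filled,
 * so whatever arrived first (including a fallback) can never be replaced. */
static void dns_option_before(uint32_t ns[CONF_NAMESERVERS_MAX], const uint8_t *ext)
{
	int servers = ext[0] / 4, i;   /* ext[0] is the option length; 4 bytes per address */
	if (servers > CONF_NAMESERVERS_MAX)
		servers = CONF_NAMESERVERS_MAX;
	for (i = 0; i < servers; i++) {
		if (ns[i] == NONE)
			memcpy(&ns[i], ext + 1 + 4 * i, 4);
	}
}

/* Nameserver option handling after the patch: the latest reply's list replaces
 * the whole table, and slots beyond the list are cleared. */
static void dns_option_after(uint32_t ns[CONF_NAMESERVERS_MAX], const uint8_t *ext)
{
	int servers = ext[0] / 4, i;
	if (servers > CONF_NAMESERVERS_MAX)
		servers = CONF_NAMESERVERS_MAX;
	for (i = 0; i < CONF_NAMESERVERS_MAX; i++) {
		if (i < servers)
			memcpy(&ns[i], ext + 1 + 4 * i, 4);
		else
			ns[i] = NONE;
	}
}

/* Replay the exchange from the commit message on constructed data:
 * DHCPOFFER without a nameserver option, then DHCPACK with two nameservers.
 * Returns the table entry in `slot` after both replies were processed. */
uint32_t dns_after_exchange(int patched, int slot)
{
	uint32_t ns[CONF_NAMESERVERS_MAX];
	const uint32_t dhcp_server = ip4(192, 0, 2, 1);          /* constructed */
	/* Constructed option payload as the handler sees it: length byte, then addresses. */
	static const uint8_t ack_opt6[] = { 8, 192, 0, 2, 53, 198, 51, 100, 53 };
	int i;

	for (i = 0; i < CONF_NAMESERVERS_MAX; i++)
		ns[i] = NONE;

	/* DHCPOFFER carries no nameserver option, so the handler is never invoked.
	 * Assumed simplified model of the fallback the commit message describes:
	 * an empty table gets the DHCP server's own address in slot 0. */
	if (ns[0] == NONE)
		ns[0] = dhcp_server;

	/* DHCPACK carries the nameserver option. */
	if (patched)
		dns_option_after(ns, ack_opt6);
	else
		dns_option_before(ns, ack_opt6);

	return (slot >= 0 && slot < CONF_NAMESERVERS_MAX) ? ns[slot] : NONE;
}

static void print_addr(uint32_t v)
{
	uint8_t b[4];
	memcpy(b, &v, 4);
	if (v == NONE)
		printf("(none)");
	else
		printf("%u.%u.%u.%u", (unsigned)b[0], (unsigned)b[1], (unsigned)b[2], (unsigned)b[3]);
}

int main(void)
{
	int patched, slot;
	for (patched = 0; patched <= 1; patched++) {
		printf("%s: ", patched ? "after patch " : "before patch");
		for (slot = 0; slot < CONF_NAMESERVERS_MAX; slot++) {
			print_addr(dns_after_exchange(patched, slot));
			printf(slot + 1 < CONF_NAMESERVERS_MAX ? ", " : "\n");
		}
	}
	return 0;
}
```

Before the patch, slot 0 keeps the fallback (the DHCP server itself) and only the ACK's second address lands in the empty slot 1, so the client ends up resolving through an address the ACK never listed as a nameserver; after the patch, the ACK's list replaces the table as the commit message intends.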