lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAFERDQ1yq=jBGu8e2qJeoNFYmKt4jeB835efsYMxGLbLf4cfbQ@mail.gmail.com>
Date: Wed, 3 May 2023 12:06:53 +0200
From: Martin Wetterwald <martin@...terwald.eu>
To: davem@...emloft.net, dsahern@...nel.org
Cc: netdev@...r.kernel.org
Subject: [PATCH] net: ipconfig: Allow DNS to be overwritten by DHCPACK

Some DHCP server implementations only send the important requested DHCP
options in the final BOOTP reply (DHCPACK).
One example is systemd-networkd.
However, RFC2131, in section 4.3.1 states:

> Once the network address and lease have been determined, the server
> constructs a DHCPOFFER message with the offered configuration
> parameters.
> [...]
> The server MUST return to the client:
> [...]
> o Parameters requested by the client, according to the following
>   rules:
>
>      -- IF the server has been explicitly configured with a default
>         value for the parameter, the server MUST include that value
>         in an appropriate option in the 'option' field, ELSE

I've reported the issue here:
https://github.com/systemd/systemd/issues/27471

Linux PNP DHCP client implementation only takes into account the DNS
servers received in the first BOOTP reply (DHCPOFFER).
This usually isn't an issue as servers are required to put the same
values in the DHCPOFFER and DHCPACK.
However, RFC2131, in section 4.3.2 states:

> Any configuration parameters in the DHCPACK message SHOULD NOT
> conflict with those in the earlier DHCPOFFER message to which the
> client is responding.  The client SHOULD use the parameters in the
> DHCPACK message for configuration.

When making Linux PNP DHCP client (cmdline ip=dhcp) interact with
systemd-networkd DHCP server, an interesting "protocol misunderstanding"
happens:
Because DNS servers were only specified in the DHCPACK and not in the
DHCPOFFER, Linux will not catch the correct DNS servers: in the first
BOOTP reply (DHCPOFFER), it sees that there is no DNS, and sets as
fallback the IP of the DHCP server itself. When the second BOOTP reply
comes (DHCPACK), it's already too late: the kernel will not overwrite
the fallback setting it has set previously.

This patch makes the kernel care more about the latest BOOTP reply
received for DNS servers selection. A subsequent BOOTP reply wins (in
the case of DHCP, this makes DHCPACK win over DHCPOFFER).

Signed-off-by: Martin Wetterwald <martin@...terwald.eu>
---
 net/ipv4/ipconfig.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index e90bc0aa85c7..c125095453da 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -937,9 +937,11 @@ static void __init ic_do_bootp_ext(u8 *ext)
         servers= *ext/4;
         if (servers > CONF_NAMESERVERS_MAX)
             servers = CONF_NAMESERVERS_MAX;
-        for (i = 0; i < servers; i++) {
-            if (ic_nameservers[i] == NONE)
+        for (i = 0; i < CONF_NAMESERVERS_MAX; i++) {
+            if (i < servers)
                 memcpy(&ic_nameservers[i], ext+1+4*i, 4);
+            else
+                ic_nameservers[i] = NONE;
         }
         break;
     case 12:    /* Host name */
-- 
2.40.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ