[SLOF] [PATCH] dhcp: check if the DHCPOFFER matches our MAC

Nikunj A Dadhania nikunj at linux.vnet.ibm.com
Mon Aug 1 03:13:49 AEST 2016


Thomas Huth <thuth at redhat.com> writes:

> On 27.07.2016 05:49, Nikunj A Dadhania wrote:
>> Add missing check to see that the IP offered is for this mac address.
>> 
>> Signed-off-by: Nikunj A Dadhania <nikunj at linux.vnet.ibm.com>
>> ---
>>  clients/net-snk/app/netlib/dhcp.c | 2 ++
>>  1 file changed, 2 insertions(+)
>> 
>> diff --git a/clients/net-snk/app/netlib/dhcp.c b/clients/net-snk/app/netlib/dhcp.c
>> index 7e2e88c..3f45633 100644
>> --- a/clients/net-snk/app/netlib/dhcp.c
>> +++ b/clients/net-snk/app/netlib/dhcp.c
>
> Please note that this file has recently been moved to lib/libnet/ instead.

Sure, will update.

>> @@ -865,6 +865,8 @@ int8_t handle_dhcp(int fd, uint8_t * packet, int32_t packetsize)
>>  		switch (dhcp_state) {
>>  		case DHCP_STATE_SELECT :
>>  			if (opt.msg_type == DHCPOFFER) {
>> +				if(memcmp(btph->chaddr, get_mac_address(), 6))
>> +					break;
>>  				dhcp_own_ip = htonl(btph -> yiaddr);
>>  				dhcp_server_ip = opt.server_ID;
>>  				dhcp_send_request(fd);
>> 
>
> Checking the MAC here should be fine, I think. I'm just wondering: Did
> you encounter a real world problem here, or did you just find this by
> reading the sources?

An issue was reported to me, though the tester hasnt been able to
recreate the issue. I had this patch queued for him to test.

> The SLOF code already checks the XID for received packets, so that
> should already give a basic protection against wrongly received
> broadcast DHCPOFFER messages, shouldn't it?

Oh right and I have verified that this patch is missing in that tree.

> Anyway, let's be better safe than sorry, so including this additional
> check is certainly a good idea!

Was there with me for few weeks until I could get a confirmation that
this indeed is the fix. Then thought of sending it on the list for
review !

Regards
Nikunj



More information about the SLOF mailing list