
system/2888: dhcp server mishandles long requested lease times

From: <openbsd(at)nerd-marrow.com>
Date: Fri Aug 16 2002 - 13:40:18 EDT


>Number: 2888
>Category: system
>Synopsis: DHCP server mishandles very long lease time requests
>Confidential: no
>Environment:
        

	System      : OpenBSD 3.1
	Architecture: OpenBSD.i386
	Machine     : i386

>Description:
        

When the DHCP server receives a DHCP request from a client with a very long lease time (Linux's dhcpcd uses ~0 by default), the server treats it as a negative number, and a lease is generated that ends before it starts.
>How-To-Repeat:
        

Have a Linux (I used Red Hat 7.3) client request a lease from an OpenBSD server. Then inspect the /var/db/dhcpd.leases file. Note that the "ends" field is one second before the "starts" field.
>Fix:
        

Apply the enclosed patch to usr.sbin/dhcp/server/dhcp.c

Note that this patch does NOT address all the other possible overflow failures in this code.

 			/* Don't let the client ask for a longer lease than
 			   is supported for this subnet or host. */
-			if (lease_time > max_lease_time)
+			if (lease_time < 1 || lease_time > max_lease_time)
 				lease_time = max_lease_time;
 		} else
 			lease_time = default_lease_time;
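
Review bot: The added `lease_time < 1` test in the condition also matches a requested lease time of exactly 0 and raises it to max_lease_time, so a client asking for no time at all gets the longest lease the subnet allows. If only the wrapped-negative case is meant, test `lease_time < 0` and decide separately what a request for 0 should get. The comment above the condition still describes only the "longer lease than is supported" case; it should say that requests that come out negative are clamped as well. The clamp handles the value after it has already gone negative, so holding the requested time as an unsigned quantity until after the comparison would remove the need for the lower bound here.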

>Release-Note:
Received on Thu Nov 7 16:29:09 2002
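
The failure described in the report and the effect of the patched condition, as an added C example (not the OpenBSD source and not code from the report's author). It assumes the requested lease time is held in a signed 32-bit variable; the helper names, the max_lease_time of 86400 and the start timestamp are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a requested lease time of ~0 as it appears on the
   wire, four bytes in network byte order. */
static const unsigned char REQ_ALL_ONES[4] = { 0xff, 0xff, 0xff, 0xff };

static uint32_t get_be32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Assumption: the server stores the value as signed 32-bit. This is the
   two's-complement reinterpretation, written without relying on an
   implementation-defined cast. */
static int32_t to_signed(uint32_t v)
{
	if (v > (uint32_t)INT32_MAX)
		return -(int32_t)(UINT32_MAX - v) - 1;
	return (int32_t)v;
}

/* Upper-bound check only, as before the patch. */
static int32_t clamp_before(int32_t lease_time, int32_t max_lease_time)
{
	if (lease_time > max_lease_time)
		lease_time = max_lease_time;
	return lease_time;
}

/* Condition with the lower bound the patch adds. */
static int32_t clamp_after(int32_t lease_time, int32_t max_lease_time)
{
	if (lease_time < 1 || lease_time > max_lease_time)
		lease_time = max_lease_time;
	return lease_time;
}

int main(void)
{
	int32_t max = 86400;                 /* constructed max_lease_time */
	long long starts = 1029519618LL;     /* constructed start time */
	int32_t req = to_signed(get_be32(REQ_ALL_ONES));

	printf("requested=%d\n", (int)req);
	printf("before: ends-starts=%lld\n", starts + clamp_before(req, max) - starts);
	printf("after:  ends-starts=%lld\n", starts + clamp_after(req, max) - starts);
	return 0;
}
```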

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:37 EDT

