
[dhcp] Verify server identifier on ProxyDHCPACKs

Perform the same test for a matching DHCP_SERVER_IDENTIFIER on
ProxyDHCPACKs as we do for DHCPACKs.  Otherwise, a retransmitted
DHCPACK can end up being treated as the ProxyDHCPACK.

I have a vague and unsettling memory that this test was deliberately
omitted, but I can't remember why, and can't find anything in the VC
logs.
tags/v0.9.4
Michael Brown 16 年前
父节点
当前提交
fdb8481de1
共有 1 个文件被更改,包括 25 次插入7 次删除
  1. 25
    7
      src/net/udp/dhcp.c

+ 25
- 7
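--- a/src/net/udp/dhcp.c
+++ b/src/net/udp/dhcp.c
@@ -685,6 +685,7 @@ static void dhcp_store_dhcpoffer ( struct dhcp_session *dhcp,
  */
 static void dhcp_rx_dhcpoffer ( struct dhcp_session *dhcp,
 				struct dhcp_settings *dhcpoffer ) {
+	struct in_addr server_id;
 	char vci[9]; /* "PXEClient" */
 	int len;
 	uint8_t ignore_proxy = 0;
@@ -692,7 +693,8 @@ static void dhcp_rx_dhcpoffer ( struct dhcp_session *dhcp,
 
 	/* Check for presence of DHCP server ID */
 	if ( dhcppkt_fetch ( &dhcpoffer->dhcppkt, DHCP_SERVER_IDENTIFIER,
-			     NULL, 0 ) != sizeof ( struct in_addr ) ) {
+			     &server_id, sizeof ( server_id ) )
+	     != sizeof ( server_id ) ) {
 		DBGC ( dhcp, "DHCP %p received DHCPOFFER %p missing server "
 		       "identifier\n", dhcp, dhcpoffer );
 		return;
@@ -700,8 +702,9 @@ static void dhcp_rx_dhcpoffer ( struct dhcp_session *dhcp,
 
 	/* If there is an IP address, it's a normal DHCPOFFER */
 	if ( dhcpoffer->dhcppkt.dhcphdr->yiaddr.s_addr != 0 ) {
-		DBGC ( dhcp, "DHCP %p received DHCPOFFER %p has IP address\n",
-		       dhcp, dhcpoffer );
+		DBGC ( dhcp, "DHCP %p received DHCPOFFER %p from %s has IP "
+		       "address\n",
+		       dhcp, dhcpoffer, inet_ntoa ( server_id ) );
 		dhcp_store_dhcpoffer ( dhcp, dhcpoffer, &dhcp->dhcpoffer );
 	}
 
@@ -713,8 +716,9 @@ static void dhcp_rx_dhcpoffer ( struct dhcp_session *dhcp,
 			      vci, sizeof ( vci ) );
 	if ( ( len >= ( int ) sizeof ( vci ) ) &&
 	     ( strncmp ( "PXEClient", vci, sizeof ( vci ) ) == 0 ) ) {
-		DBGC ( dhcp, "DHCP %p received DHCPOFFER %p is a "
-		       "ProxyDHCPOFFER\n", dhcp, dhcpoffer );
+		DBGC ( dhcp, "DHCP %p received DHCPOFFER %p from %s is a "
+		       "ProxyDHCPOFFER\n",
+		       dhcp, dhcpoffer, inet_ntoa ( server_id ) );
 		dhcp_store_dhcpoffer ( dhcp, dhcpoffer,
 				       &dhcp->proxydhcpoffer );
 	}
@@ -802,8 +806,8 @@ static void dhcp_rx_dhcpack ( struct dhcp_session *dhcp,
 	dhcppkt_fetch ( &dhcpack->dhcppkt, DHCP_SERVER_IDENTIFIER,
 			&ack_server_id, sizeof ( ack_server_id ) );
 	if ( offer_server_id.s_addr != ack_server_id.s_addr ) {
-		DBGC ( dhcp, "DHCP %p ignoring DHCPACK with wrong server ID\n",
-		       dhcp );
+		DBGC ( dhcp, "DHCP %p ignoring DHCPACK with wrong server ID "
+		       "%s\n", dhcp, inet_ntoa ( ack_server_id ) );
 		return;
 	}
 
@@ -830,8 +834,22 @@ static void dhcp_rx_dhcpack ( struct dhcp_session *dhcp,
  */
 static void dhcp_rx_proxydhcpack ( struct dhcp_session *dhcp,
 				   struct dhcp_settings *proxydhcpack ) {
+	struct in_addr offer_server_id = { 0 };
+	struct in_addr ack_server_id = { 0 };
 	int rc;
 
+	/* Verify server ID matches */
+	assert ( dhcp->proxydhcpoffer != NULL );
+	dhcppkt_fetch ( &dhcp->proxydhcpoffer->dhcppkt, DHCP_SERVER_IDENTIFIER,
+			&offer_server_id, sizeof ( offer_server_id ) );
+	dhcppkt_fetch ( &proxydhcpack->dhcppkt, DHCP_SERVER_IDENTIFIER,
+			&ack_server_id, sizeof ( ack_server_id ) );
+	if ( offer_server_id.s_addr != ack_server_id.s_addr ) {
+		DBGC ( dhcp, "DHCP %p ignoring ProxyDHCPACK with wrong server "
+		       "ID %s\n", dhcp, inet_ntoa ( ack_server_id ) );
+		return;
+	}
+
 	/* Rename settings */
 	proxydhcpack->settings.name = PROXYDHCP_SETTINGS_NAME;
 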
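Review bot: In the `dhcp_rx_proxydhcpack` hunk the only guard before `dhcp->proxydhcpoffer->dhcppkt` is dereferenced is `assert ( dhcp->proxydhcpoffer != NULL )`, and both `dhcppkt_fetch` results are discarded, so the comparison leans on the `{ 0 }` initialisers. If assertions can be compiled out of release builds (not visible here), a ProxyDHCPACK received while no offer is stored would dereference NULL on a network-driven path; an explicit `if ( ! dhcp->proxydhcpoffer ) return;` would drop the packet instead. I would also test the ack fetch the way `dhcp_rx_dhcpoffer` now does, `if ( dhcppkt_fetch ( ... ) != sizeof ( ack_server_id ) ) return;`, so a missing or short option is rejected rather than compared as 0.0.0.0. Because the server identifier is an unauthenticated packet field, the `/* Verify server ID matches */` comment could say that this filters stray or retransmitted ACKs and does not authenticate the server. The body of `dhcp_rx_proxydhcpack` continues outside the hunk.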
