[BusyBox-cvs] [BusyBox 0000260]: udhcpc doesn't validate client hardware address

bugs at busybox.net
Sun Jul 31 22:34:48 UTC 2005


The following issue has been CLOSED 
====================================================================== 
http://busybox.net/bugs/view.php?id=260 
====================================================================== 
Reported By:                keithsmith
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   260
Category:                   Networking Support
Reproducibility:            random
Severity:                   minor
Priority:                   normal
Status:                     closed
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             05-18-2005 20:43 PDT
Last Modified:              07-31-2005 15:34 PDT
====================================================================== 
Summary:                    udhcpc doesn't validate client hardware address
Description: 
When udhcpc initiates a DHCP negotiation, it generates a transaction ID
that it uses to identify server responses targeted to the current host. 
During the negotiation, udhcpc assumes that all packets received from the
server tagged with the original transaction ID are valid for the current
host.

However, if /dev/urandom has been seeded identically on a number of hosts,
a subset of them may use the same transaction ID for their first
interaction with the DHCP server.  This means that they may act on offers
and absorb ACKs that the server intended for a different host.  In short,
boxes may acquire IP addresses that the server wasn't offering to them,
causing IP conflicts and hell with name resolution.

I am seeing this effect because my company's terminal product has a remote
configuration tool that allows multiple boxes to be soft-rebooted
simultaneously.

Admittedly the PRNG needs to be uniquely seeded on each device, but
failure to do this should not necessarily cause IP conflicts on your
network.
====================================================================== 

---------------------------------------------------------------------- 
 pgf - 07-20-05 12:13  
---------------------------------------------------------------------- 
Committed revision 10880. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
05-18-05 20:43  keithsmith     New Issue                                    
05-18-05 20:43  keithsmith     File Added: udhcpc-check-chaddr.patch
05-18-05 20:59  keithsmith     Issue Monitored: keithsmith                    
06-01-05 13:53  keithsmith     Issue End Monitor: keithsmith                    
07-20-05 12:13  pgf            Status                   assigned => resolved
07-20-05 12:13  pgf            Resolution               open => fixed       
07-20-05 12:13  pgf            Note Added: 0000323                          
07-31-05 15:34  vapier         Status                   resolved => closed  
======================================================================
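
The check the report asks for, as an added example (not the attached udhcpc-check-chaddr.patch and not BusyBox code): a reply is accepted only when both the transaction ID and the client hardware address (chaddr, RFC 2131) match the local host. The struct, function names, MAC addresses and transaction ID are constructed for illustration, and Ethernet (6-byte addresses) is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BOOTREPLY 2

/* Fixed BOOTP/DHCP header fields per RFC 2131; sname, file and options omitted. */
struct dhcp_hdr {
    uint8_t  op, htype, hlen, hops;
    uint32_t xid;                 /* compared as an opaque 32-bit value */
    uint16_t secs, flags;
    uint32_t ciaddr, yiaddr, siaddr, giaddr;
    uint8_t  chaddr[16];
};

/* Behaviour described in the report: the transaction ID alone decides. */
int accept_xid_only(const struct dhcp_hdr *p, uint32_t my_xid)
{
    return p->op == BOOTREPLY && p->xid == my_xid;
}

/* Hardened check: the reply must also carry our own hardware address. */
int accept_xid_and_chaddr(const struct dhcp_hdr *p, uint32_t my_xid,
                          const uint8_t my_mac[6])
{
    if (!accept_xid_only(p, my_xid))
        return 0;
    if (p->hlen != 6)             /* assumption: Ethernet clients only */
        return 0;
    return memcmp(p->chaddr, my_mac, 6) == 0;
}

/* Constructed sample data: two hosts whose PRNGs produced the same xid. */
const uint8_t MAC_A[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x0a};
const uint8_t MAC_B[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x0b};
#define SHARED_XID 0x1234abcdu

/* Build the server's reply to the host that owns `mac`. */
struct dhcp_hdr make_reply(uint32_t xid, const uint8_t mac[6])
{
    struct dhcp_hdr r;
    memset(&r, 0, sizeof r);
    r.op = BOOTREPLY; r.htype = 1; r.hlen = 6; r.xid = xid;
    memcpy(r.chaddr, mac, 6);
    return r;
}

int main(void)
{
    struct dhcp_hdr ack = make_reply(SHARED_XID, MAC_A);   /* meant for host A */
    printf("host B, xid only:     %d\n", accept_xid_only(&ack, SHARED_XID));
    printf("host B, xid + chaddr: %d\n", accept_xid_and_chaddr(&ack, SHARED_XID, MAC_B));
    printf("host A, xid + chaddr: %d\n", accept_xid_and_chaddr(&ack, SHARED_XID, MAC_A));
    return 0;
}
```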



