ID | Category | Severity | Reproducibility | Date Submitted | Last Update
0000260 | [BusyBox] Networking Support | minor | random | 05-18-05 20:43 | 07-31-05 15:34
Reporter | keithsmith | View Status | public
Assigned To | BusyBox
Priority | normal | Resolution | fixed
Status | closed | Product Version | 1.00
Summary | 0000260: udhcpc doesn't validate client hardware address
Description
When udhcpc initiates a DHCP negotiation, it generates a transaction ID that it uses to identify server responses targeted to the current host. During the negotiation, udhcpc assumes that all packets received from the server tagged with the original transaction ID are valid for the current host. However, if /dev/urandom has been seeded identically on a number of hosts, a subset of them may use the same transaction ID for their first interaction with the DHCP server. This means that they may act on offers and absorb ACKs that the server intended for a different host. In short, boxes may acquire IP addresses that the server wasn't offering to them, causing IP conflicts and hell with name resolution. I am seeing this effect because my company's terminal product has a remote configuration tool that allows multiple boxes to be soft-rebooted simultaneously. Admittedly the PRNG needs to be uniquely seeded on each device, but failure to do this should not necessarily cause IP conflicts on your network.

Additional Information
The patch contains a magic number, 6, representing the length of an Ethernet MAC address. However, grep -r '[^0-9\.]6[^0-9\.]' busybox-1.00/networking/udhcp returns 22 matches, 20 of which contain a magic 6. It would be better to address this situation with a separate patch. It is easier to reproduce this bug if you temporarily(!) alias /dev/urandom to /dev/zero.

Attached Files | udhcpc-check-chaddr.patch (583 bytes) 05-18-05 20:43
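
The check the report asks for, as an added example: this is not the attached patch and not BusyBox code. It compares a reply filter that trusts the transaction ID alone with one that also requires the client's own MAC in the chaddr field. All function names are hypothetical, the packet is constructed sample input, and Ethernet (htype 1, hlen 6) is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Fixed BOOTP/DHCP header layout, RFC 2131 section 2. */
enum { OFF_OP = 0, OFF_HTYPE = 1, OFF_HLEN = 2, OFF_XID = 4,
       OFF_CHADDR = 28, FIXED_HDR_LEN = 236 };
enum { BOOTREPLY = 2, HTYPE_ETHER = 1, MAC_LEN = 6 };

/* Read the 32-bit transaction ID as it appears on the wire (big-endian). */
static uint32_t get_xid(const uint8_t *pkt)
{
    return ((uint32_t)pkt[OFF_XID] << 24) | ((uint32_t)pkt[OFF_XID + 1] << 16) |
           ((uint32_t)pkt[OFF_XID + 2] << 8) | (uint32_t)pkt[OFF_XID + 3];
}

/* Behaviour described in the report: the transaction ID alone decides. */
int accept_by_xid_only(const uint8_t *pkt, size_t len, uint32_t our_xid)
{
    return len >= FIXED_HDR_LEN && pkt[OFF_OP] == BOOTREPLY &&
           get_xid(pkt) == our_xid;
}

/* Stricter check: the reply must also carry our hardware address in chaddr. */
int accept_by_xid_and_chaddr(const uint8_t *pkt, size_t len, uint32_t our_xid,
                             const uint8_t our_mac[MAC_LEN])
{
    if (!accept_by_xid_only(pkt, len, our_xid))
        return 0;
    if (pkt[OFF_HTYPE] != HTYPE_ETHER || pkt[OFF_HLEN] != MAC_LEN)
        return 0;
    return memcmp(pkt + OFF_CHADDR, our_mac, MAC_LEN) == 0;
}

/* Constructed sample input: a minimal server reply addressed to `mac`. */
void build_reply(uint8_t pkt[FIXED_HDR_LEN], uint32_t xid,
                 const uint8_t mac[MAC_LEN])
{
    memset(pkt, 0, FIXED_HDR_LEN);
    pkt[OFF_OP] = BOOTREPLY;
    pkt[OFF_HTYPE] = HTYPE_ETHER;
    pkt[OFF_HLEN] = MAC_LEN;
    pkt[OFF_XID] = (uint8_t)(xid >> 24);
    pkt[OFF_XID + 1] = (uint8_t)(xid >> 16);
    pkt[OFF_XID + 2] = (uint8_t)(xid >> 8);
    pkt[OFF_XID + 3] = (uint8_t)xid;
    memcpy(pkt + OFF_CHADDR, mac, MAC_LEN);
}
```

With two hosts sharing transaction ID 0 (the /dev/zero case from the report), a reply built for host B passes the ID-only filter on host A but is rejected once chaddr is compared.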