Merge pull request #20002 from yuwata/sd-dhcp-client-ignore-forcerenew

sd-dhcp-client: ignore FORCERENEW
sd-dhcp-client: tentatively ignore FORCERENEW command
2026-03-19 11:34:46 +01:00 · 2021-06-24 10:01:10 +01:00 · 2021-06-24 11:25:26 +09:00 · 2021-06-24 11:25:26 +09:00 · 2021-06-24 11:25:26 +09:00 · 2021-06-24 11:25:26 +09:00
1 changed files with 72 additions and 68 deletions
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@ -1587,9 +1587,17 @@ static int client_handle_forcerenew(sd_dhcp_client *client, DHCPMessage *force,
        if (r != DHCP_FORCERENEW)
                return -ENOMSG;

+#if 0
        log_dhcp_client(client, "FORCERENEW");

        return 0;
+#else
+        /* FIXME: Ignore FORCERENEW requests until we implement RFC3118 (Authentication for DHCP
+         * Messages) and/or RFC6704 (Forcerenew Nonce Authentication), as unauthenticated FORCERENEW
+         * requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). */
+        log_dhcp_client(client, "Received FORCERENEW, ignoring.");
+        return -ENOMSG;
+#endif
 }

 static bool lease_equal(const sd_dhcp_lease *a, const sd_dhcp_lease *b) {
@ -1777,7 +1785,7 @@ static int client_set_lease_timeouts(sd_dhcp_client *client) {
 static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, int len) {
        DHCP_CLIENT_DONT_DESTROY(client);
        char time_string[FORMAT_TIMESPAN_MAX];
-        int r = 0, notify_event = 0;
+        int r, notify_event;

        assert(client);
        assert(client->event);
@ -1787,7 +1795,10 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i
        case DHCP_STATE_SELECTING:

                r = client_handle_offer(client, message, len);
-                if (r >= 0) {
+                if (r == -ENOMSG)
+                        return 0; /* invalid message, let's ignore it */
+                if (r < 0)
+                        goto error;

                client->state = DHCP_STATE_REQUESTING;
                client->attempt = 0;
@ -1797,12 +1808,6 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i
                                     0, 0,
                                     client_timeout_resend, client,
                                     client->event_priority, "dhcp4-resend-timer", true);
-                        if (r < 0)
-                                goto error;
-                } else if (r == -ENOMSG)
-                        /* invalid message, let's ignore it */
-                        return 0;
-
                break;

        case DHCP_STATE_REBOOTING:
@ -1811,19 +1816,40 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i
        case DHCP_STATE_REBINDING:

                r = client_handle_ack(client, message, len);
-                if (r >= 0) {
+                if (r == -ENOMSG)
+                        return 0; /* invalid message, let's ignore it */
+                if (r == -EADDRNOTAVAIL) {
+                        /* got a NAK, let's restart the client */
+                        client_notify(client, SD_DHCP_CLIENT_EVENT_EXPIRED);
+
+                        r = client_initialize(client);
+                        if (r < 0)
+                                goto error;
+
+                        r = client_start_delayed(client);
+                        if (r < 0)
+                                goto error;
+
+                        log_dhcp_client(client, "REBOOT in %s", format_timespan(time_string, FORMAT_TIMESPAN_MAX,
+                                                                                client->start_delay, USEC_PER_SEC));
+
+                        client->start_delay = CLAMP(client->start_delay * 2,
+                                                    RESTART_AFTER_NAK_MIN_USEC, RESTART_AFTER_NAK_MAX_USEC);
+                        return 0;
+                }
+                if (r < 0)
+                        goto error;
+
+                if (IN_SET(client->state, DHCP_STATE_REQUESTING, DHCP_STATE_REBOOTING))
+                        notify_event = SD_DHCP_CLIENT_EVENT_IP_ACQUIRE;
+                else
+                        notify_event = r;
+
                client->start_delay = 0;
                (void) event_source_disable(client->timeout_resend);
-                        client->receive_message =
-                                sd_event_source_unref(client->receive_message);
+                client->receive_message = sd_event_source_unref(client->receive_message);
                client->fd = safe_close(client->fd);

-                        if (IN_SET(client->state, DHCP_STATE_REQUESTING,
-                                   DHCP_STATE_REBOOTING))
-                                notify_event = SD_DHCP_CLIENT_EVENT_IP_ACQUIRE;
-                        else if (r != SD_DHCP_CLIENT_EVENT_IP_ACQUIRE)
-                                notify_event = r;
-
                client->state = DHCP_STATE_BOUND;
                client->attempt = 0;

@ -1845,57 +1871,35 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i

                client_initialize_io_events(client, client_receive_message_udp);

-                        if (notify_event) {
+                if (IN_SET(client->state, DHCP_STATE_RENEWING, DHCP_STATE_REBINDING) &&
+                    notify_event == SD_DHCP_CLIENT_EVENT_IP_ACQUIRE)
+                        /* FIXME: hmm, maybe this is a bug... */
+                        log_dhcp_client(client, "client_handle_ack() returned SD_DHCP_CLIENT_EVENT_IP_ACQUIRE while DHCP client is %s the address, skipping callback.",
+                                        client->state == DHCP_STATE_RENEWING ? "renewing" : "rebinding");
+                else
                        client_notify(client, notify_event);
-                                if (client->state == DHCP_STATE_STOPPED)
-                                        return 0;
-                        }
-
-                } else if (r == -EADDRNOTAVAIL) {
-                        /* got a NAK, let's restart the client */
-                        client_notify(client, SD_DHCP_CLIENT_EVENT_EXPIRED);
-
-                        r = client_initialize(client);
-                        if (r < 0)
-                                goto error;
-
-                        r = client_start_delayed(client);
-                        if (r < 0)
-                                goto error;
-
-                        log_dhcp_client(client, "REBOOT in %s", format_timespan(time_string, FORMAT_TIMESPAN_MAX,
-                                                                                client->start_delay, USEC_PER_SEC));
-
-                        client->start_delay = CLAMP(client->start_delay * 2,
-                                                    RESTART_AFTER_NAK_MIN_USEC, RESTART_AFTER_NAK_MAX_USEC);
-
-                        return 0;
-                } else if (r == -ENOMSG)
-                        /* invalid message, let's ignore it */
-                        return 0;
-
                break;

        case DHCP_STATE_BOUND:
                r = client_handle_forcerenew(client, message, len);
-                if (r >= 0) {
-                        r = client_timeout_t1(NULL, 0, client);
+                if (r == -ENOMSG)
+                        return 0; /* invalid message, let's ignore it */
                if (r < 0)
                        goto error;
-                } else if (r == -ENOMSG)
-                        /* invalid message, let's ignore it */
-                        return 0;

+                r = client_timeout_t1(NULL, 0, client);
                break;

        case DHCP_STATE_INIT:
        case DHCP_STATE_INIT_REBOOT:
-
+                r = 0;
                break;

        case DHCP_STATE_STOPPED:
                r = -EINVAL;
                goto error;
+        default:
+                assert_not_reached("invalid state");
        }

 error:
Author	SHA1	Message	Date
Luca Boccassi	6222acc2b5	Merge pull request #20002 from yuwata/sd-dhcp-client-ignore-forcerenew sd-dhcp-client: ignore FORCERENEW	2021-06-24 10:01:10 +01:00
Yu Watanabe	38e980a6a5	sd-dhcp-client: tentatively ignore FORCERENEW command This makes DHCP client ignore FORCERENEW requests, as unauthenticated FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). Let's re-enable this after RFC3118 (Authentication for DHCP Messages) and/or RFC6704 (Forcerenew Nonce Authentication) are implemented. Fixes #16774.	2021-06-24 11:25:26 +09:00
Yu Watanabe	551ad0b7de	sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease Previously, such situation is handled silently.	2021-06-24 11:25:26 +09:00
Yu Watanabe	d57b62be0d	sd-dhcp-client: shorten code a bit	2021-06-24 11:25:26 +09:00
Yu Watanabe	67d8cd8193	sd-dhcp-client: check error earlier and reduce indentation	2021-06-24 11:25:26 +09:00