1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
From 0ad3b0fffe622bffbe9f380c3e4cb99b0961bef5 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 24 Jun 2021 01:14:12 +0900
Subject: [PATCH] sd-dhcp-client: logs when dhcp client unexpectedly gains a
new lease
Previously, such situation is handled silently.
Upstream-Status: Backport
CVE: CVE-2020-13529
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
src/libsystemd-network/sd-dhcp-client.c | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
index ef3a7d2c6b..04a75c6966 100644
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -1760,7 +1760,7 @@ static int client_set_lease_timeouts(sd_dhcp_client *client) {
static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, int len) {
DHCP_CLIENT_DONT_DESTROY(client);
char time_string[FORMAT_TIMESPAN_MAX];
- int r, notify_event = 0;
+ int r, notify_event;
assert(client);
assert(client->event);
@@ -1815,16 +1815,16 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i
if (r < 0)
goto error;
+ if (IN_SET(client->state, DHCP_STATE_REQUESTING, DHCP_STATE_REBOOTING))
+ notify_event = SD_DHCP_CLIENT_EVENT_IP_ACQUIRE;
+ else
+ notify_event = r;
+
client->start_delay = 0;
(void) event_source_disable(client->timeout_resend);
client->receive_message = sd_event_source_unref(client->receive_message);
client->fd = safe_close(client->fd);
- if (IN_SET(client->state, DHCP_STATE_REQUESTING, DHCP_STATE_REBOOTING))
- notify_event = SD_DHCP_CLIENT_EVENT_IP_ACQUIRE;
- else if (r != SD_DHCP_CLIENT_EVENT_IP_ACQUIRE)
- notify_event = r;
-
client->state = DHCP_STATE_BOUND;
client->attempt = 0;
@@ -1846,12 +1846,13 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i
client_initialize_io_events(client, client_receive_message_udp);
- if (notify_event) {
+ if (IN_SET(client->state, DHCP_STATE_RENEWING, DHCP_STATE_REBINDING) &&
+ notify_event == SD_DHCP_CLIENT_EVENT_IP_ACQUIRE)
+ /* FIXME: hmm, maybe this is a bug... */
+ log_dhcp_client(client, "client_handle_ack() returned SD_DHCP_CLIENT_EVENT_IP_ACQUIRE while DHCP client is %s the address, skipping callback.",
+ client->state == DHCP_STATE_RENEWING ? "renewing" : "rebinding");
+ else
client_notify(client, notify_event);
- if (client->state == DHCP_STATE_STOPPED)
- return 0;
- }
-
break;
case DHCP_STATE_BOUND:
|
