| From ae18277a6cfd04af8a914780f04a867254ab2341 Mon Sep 17 00:00:00 2001 |
| From: Yu Watanabe <watanabe.yu+github@gmail.com> |
| Date: Thu, 24 Jun 2021 01:22:07 +0900 |
| Subject: [PATCH] sd-dhcp-client: tentatively ignore FORCERENEW command |
| |
| This makes DHCP client ignore FORCERENEW requests, as unauthenticated |
| FORCERENEW requests cause a security issue (TALOS-2020-1142, CVE-2020-13529). |
| |
| Let's re-enable this after RFC3118 (Authentication for DHCP Messages) |
| and/or RFC6704 (Forcerenew Nonce Authentication) are implemented. |
| |
| Fixes #16774. |
| |
| Upstream-Status: Backport |
| CVE: CVE-2020-13529 |
| Signed-off-by: Chen Qi <Qi.Chen@windriver.com> |
| --- |
| src/libsystemd-network/sd-dhcp-client.c | 8 ++++++++ |
| 1 file changed, 8 insertions(+) |
| |
| diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c |
| index 04a75c6966..54eb3a2ab0 100644 |
| --- a/src/libsystemd-network/sd-dhcp-client.c |
| +++ b/src/libsystemd-network/sd-dhcp-client.c |
| @@ -1536,9 +1536,17 @@ static int client_handle_forcerenew(sd_dhcp_client *client, DHCPMessage *force, |
| if (r != DHCP_FORCERENEW) |
| return -ENOMSG; |
| |
| +#if 0 |
| log_dhcp_client(client, "FORCERENEW"); |
| |
| return 0; |
| +#else |
| + /* FIXME: Ignore FORCERENEW requests until we implement RFC3118 (Authentication for DHCP |
| + * Messages) and/or RFC6704 (Forcerenew Nonce Authentication), as unauthenticated FORCERENEW |
| + * requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). */ |
| + log_dhcp_client(client, "Received FORCERENEW, ignoring."); |
| + return -ENOMSG; |
| +#endif |
| } |
| |
| static bool lease_equal(const sd_dhcp_lease *a, const sd_dhcp_lease *b) { |
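Review bot: The new `#else` branch returns -ENOMSG for a message that the check just above confirmed is a DHCP_FORCERENEW, so the caller presumably can no longer tell "valid FORCERENEW deliberately ignored" from "not a FORCERENEW at all"; whether that matters depends on how the return value of client_handle_forcerenew is consumed, which lies outside the hunk, as does the start of the function. If the caller only treats -ENOMSG as "try the next handler", this is fine, but a one-line comment above `return -ENOMSG;` saying so, e.g. `/* -ENOMSG: let the caller treat this as an unhandled message, same as a non-FORCERENEW packet */`, would make the intent explicit. The FIXME comment has a grammar slip ("requests causes" → "requests cause"), and keeping the old body under `#if 0` rather than deleting it is a style choice that is defensible only because the change is explicitly tentative; if it stays, the comment should name what must be true before the `#if 0` becomes `#if 1` (RFC 3118 or RFC 6704 verification of the incoming message), which it already largely does.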