DHCID calculation bug

René GARCIA rene.garcia at sogeti.com
Thu Jul 16 13:32:10 UTC 2009


Hi,

I'm new to this list and I hope this has not been discussed before (archived
list does not mention it but it seems not to be updated since may 09). I'm
french and I hope you can read my english.

I'm working on IPv4 to IPv6 transition. As part of my job I've been testing
ISC DHCP 4.1.1b (and cvs repository) and I'm unhappy with DHCID handling
when sharing IPv4 DHCP+DDNS and IPv6 DHCP+DDNS in the same domainname. So
looking to the source code I've found two bugs. This post is about the fist
bug, I'll describe the second one in another post.

In function get_dhcid (file common/dns.c)
- argument type should be assumed to contain an 8 bit value, values should
be betwenn 0 and 255, if not calculation of the 2 first digits of DHCID
could produce an unexpected error reading random memory address ( type>>4
may have a value much greater than 15 if type is greater than 255). This is
a minor bug because get_dhcid is never called with a type value greater than
255. This may not be true in future releases.
- 2nd digit calculation of DHCID is false. IPv4 DHCID using UID (type 61)
should strart with "3D" but is starting with "31". Calculation of 2nd digit
should be type&0xF and not type%15. 


Patch for this file against CVS head :

------- START OF PATCH -------
*** common/dns.c        Thu Mar 26 18:20:23 2009
--- common/dns.patched.c        Thu Jul 16 15:25:49 2009
***************
*** 455,462 ****
        MD5_CTX md5;
        int i;

!       /* Types can only be 0..(2^16)-1. */
!       if (type < 0 || type > 65535)
                return 0;

        /* Hexadecimal MD5 digest plus two byte type and NUL. */
--- 455,462 ----
        MD5_CTX md5;
        int i;

!       /* Types can only be 0..(2^8)-1. */
!       if (type < 0 || type > 255)
                return 0;

        /* Hexadecimal MD5 digest plus two byte type and NUL. */
***************
*** 483,490 ****
         */

        /* Put the type in the first two bytes. */
!       id -> buffer -> data [0] = "0123456789abcdef" [type >> 4];
!       id -> buffer -> data [1] = "0123456789abcdef" [type % 15];

        /* Mash together an MD5 hash of the identifier. */
        MD5_Init (&md5);
--- 483,490 ----
         */

        /* Put the type in the first two bytes. */
!       id -> buffer -> data [0] = "0123456789abcdef" [(type >> 4) & 0xf];
!       id -> buffer -> data [1] = "0123456789abcdef" [type & 0xf];

        /* Mash together an MD5 hash of the identifier. */
        MD5_Init (&md5);
------- END OF PATCH -------


Regards,
René GARCIA




More information about the dhcp-workers mailing list