1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
From 38e980a6a5a3442c2f48b1f827284388096d8ca5 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 24 Jun 2021 01:22:07 +0900
Subject: [PATCH] sd-dhcp-client: tentatively ignore FORCERENEW command
This makes DHCP client ignore FORCERENEW requests, as unauthenticated
FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529).
Let's re-enable this after RFC3118 (Authentication for DHCP Messages)
and/or RFC6704 (Forcerenew Nonce Authentication) are implemented.
Fixes #16774.
Upstream-Status: Backport [https://github.com/systemd/systemd/commit/38e980a6a5a3442c2f48b1f827284388096d8ca5]
CVE: CVE-2020-13529
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
---
src/libsystemd-network/sd-dhcp-client.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -1392,9 +1392,17 @@ static int client_handle_forcerenew(sd_dhcp_client *client, DHCPMessage *force,
if (r != DHCP_FORCERENEW)
return -ENOMSG;
+#if 0
log_dhcp_client(client, "FORCERENEW");
return 0;
+#else
+ /* FIXME: Ignore FORCERENEW requests until we implement RFC3118 (Authentication for DHCP
+ * Messages) and/or RFC6704 (Forcerenew Nonce Authentication), as unauthenticated FORCERENEW
+ * requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). */
+ log_dhcp_client(client, "Received FORCERENEW, ignoring.");
+ return -ENOMSG;
+#endif
}
static bool lease_equal(const sd_dhcp_lease *a, const sd_dhcp_lease *b) {
|