Report information
The Basics
Id:
35378
Status:
resolved
Estimated:
120 hours (7,200 minutes)
Worked:
72 hours (4,320 minutes)
Users:
tmark: 71.67 hours (4,300 minutes)
Left:
120 hours (7,200 minutes)
Priority:
Low/Low
Queue:
dhcp-public
People
BugTracker
Version Fixed:
4.4.0 4.3.6 4.1-ESV-R15
Version Found:
4.2.5
Versions Affected:
(no value)
Versions Planned:
4.4.0, 4.3.6, 4.1-ESV-R15
Priority:
P1 High
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
DHCP Server
Area:
bug
Dates
Created:Fri, 14 Feb 2014 11:30:12 -0500
Updated:Mon, 15 Jan 2018 14:56:34 -0500
Closed:Mon, 12 Jun 2017 13:57:19 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Fri, 14 Feb 2014 11:30:12 -0500 Mark Nejedlo <mark.nejedlo@tdstelecom.com> - Ticket created
CC: marketing@isc.org
Subject: Bug Submission Form - Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths
Date: Fri, 14 Feb 2014 16:30:42 +0000
To: dhcp-bugs@isc.org
From: Mark Nejedlo <mark.nejedlo@tdstelecom.com>

Bug Report from www.isc.org:

  • Name: Mark Nejedlo
  • Email: mark.nejedlo@tdstelecom.com
  • Software Version: dhcpd 4.2.5
  • OS: RHEL 6.5
  • Subject:Error handling overlapping prefix6 leases with different mask lengths

Bug Detail

While testing various options for how to issue v6 leases, space which had been issueing /64 prefix delegations was changed to issue /56 delegations. This led to dhcpd attempting to issue overlapping leases.

The scenario:

The dhcp server was set up to serve "prefix6 2600:340X:YYY0:0000:: 2600:340X:YYYf:ffff:: /64" for a subnet. The next time a prefix delegation was requested, a lease was issued to the client device for 2600:340X:YYYf:ffff::/64.

Later we decided that we wanted to be able to issue both /56 and /64 leases, so 2600:340X:YYY0::/44 was split in to two prefix statements: "prefix6 2600:340X:YYY0:0000:: 2600:340X:YYY7:ffff:: /64" and "prefix6 2600:340X:YYY8:0000:: 2600:340X:YYYf:ff00:: /56".

So, we have a lease for a /64 in space which is now allocated to /56 assignments. I expected dhcpd to decline the next renewal and issue a new /64 lease out of 2600:340X:YYY0::/45, but instead it continued allowing 2600:340X:YYYf:ffff::/64.

The problem occurred later (after multiple max-lease-time had passed) when a /56 was requested. Despite the existing valid lease for 2600:340X:YYYf:ffff::/64, a lease was issued for 2600:340X:YYYf:ff00::/56, which the router promptly refused due to the new /56 delegation conflicting with the old, but valid, /64 delegation.

I'm currently running 4.2.5. I see that 4.2.6 and 4.3.0 came out earlier this month, but I have not yet upgraded. I don't see anything in the release notes to make me believe this issue (or anything related to prefix6) has been addressed.

---

This email was received through isc.org Bug Submission Form

All information within this email is considered confidential and for internal use only.

Fri, 14 Feb 2014 15:37:08 -0500 Mark Andrews <marka@isc.org> - Subject changed from 'Bug Submission Form - Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths' to 'Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths'
Thu, 06 Mar 2014 09:47:08 -0500 Cathy Almond <cathya@isc.org> - Severity S2 Normal added
Thu, 06 Mar 2014 09:47:08 -0500 Cathy Almond <cathya@isc.org> - Version Found 4.2.5 added
Thu, 06 Mar 2014 09:51:24 -0500 Cathy Almond <cathya@isc.org> - Status changed from 'new' to 'open'
Sun, 09 Mar 2014 23:38:28 -0400 Shawn Routhier <sar@isc.org> - Subject changed from 'Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths' to 'Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths [protocol] [dhcpv6] [server]'
Tue, 02 Sep 2014 17:50:59 -0400 Vicky Risk <vicky@isc.org> - Versions Planned 4.3.2 added
Thu, 02 Oct 2014 00:41:07 -0400 Shawn Routhier <sar@isc.org> - FinalPriority changed from 'Medium' to 'Medium'
Thu, 02 Oct 2014 00:41:07 -0400 Shawn Routhier <sar@isc.org> - Priority changed from 'Medium' to 'Medium'
Thu, 02 Oct 2014 00:41:07 -0400 Shawn Routhier <sar@isc.org> - Priority P1 High added
Mon, 23 Mar 2015 21:13:02 -0400 Shawn Routhier <sar@isc.org> - FinalPriority changed from 'Medium' to 'Low'
Mon, 23 Mar 2015 21:13:02 -0400 Shawn Routhier <sar@isc.org> - Priority changed from 'Medium' to 'Low'
Mon, 23 Mar 2015 21:13:02 -0400 Shawn Routhier <sar@isc.org> - Versions Planned 4.3.2 changed to 4.3.3
Thu, 26 Mar 2015 22:46:43 -0400 Shawn Routhier <sar@isc.org> - TimeEstimated changed from (no value) to '7200'
Thu, 30 Jul 2015 00:54:47 -0400 Shawn Routhier <sar@isc.org> - Versions Planned 4.3.3 changed to 4.3.4
Wed, 19 Aug 2015 01:48:01 -0400 Shawn Routhier <sar@isc.org> - TimeLeft changed from (no value) to '7200'
Thu, 21 Apr 2016 13:00:00 -0400 Shawn Routhier <sar@isc.org> - Versions Planned 4.3.4 changed to 4.3.5
Wed, 30 Nov 2016 09:59:52 -0500 Thomas Markwalder <tmark@isc.org> - Versions Planned 4.3.5 changed to 4.3.6
Tue, 14 Feb 2017 15:02:09 -0500 Thomas Markwalder <tmark@isc.org> - FinalPriority changed from 'Low' to 'Low'
Tue, 14 Feb 2017 15:02:09 -0500 Thomas Markwalder <tmark@isc.org> - Priority changed from 'Low' to 'Low'
Wed, 24 May 2017 15:13:50 -0400 Thomas Markwalder <tmark@isc.org> - Taken
Fri, 09 Jun 2017 14:00:24 -0400 Thomas Markwalder <tmark@isc.org> - Versions Planned 4.3.6 changed to 4.4.0, 4.3.6, 4.1-ESV-R15
Fri, 09 Jun 2017 14:01:07 -0400 Thomas Markwalder <tmark@isc.org> - Worked 71.67 hours (4,300 minutes) 4,300 minutes
Fri, 09 Jun 2017 14:01:07 -0400 Thomas Markwalder <tmark@isc.org> - Queue changed from #8 to #9
Fri, 09 Jun 2017 14:01:07 -0400 Thomas Markwalder <tmark@isc.org> - Untaken
Mon, 12 Jun 2017 08:41:48 -0400 Francis Dupont <Francis_Dupont@isc.org> - Taken
Mon, 12 Jun 2017 08:54:52 -0400 Francis Dupont <Francis_Dupont@isc.org> - Given to Thomas Markwalder <tmark@isc.org>
Mon, 12 Jun 2017 11:46:04 -0400 Thomas Markwalder <tmark@isc.org> - Area bug added
Mon, 12 Jun 2017 11:46:04 -0400 Thomas Markwalder <tmark@isc.org> - Component DHCP Server added
Mon, 12 Jun 2017 11:46:05 -0400 Thomas Markwalder <tmark@isc.org> - Version Fixed 4.4.0 4.3.6 4.1-ESV-R15 added
Mon, 12 Jun 2017 11:46:05 -0400 Thomas Markwalder <tmark@isc.org> - Status changed from 'open' to 'resolved'
Mon, 12 Jun 2017 11:46:06 -0400 Thomas Markwalder <tmark@isc.org> - Dependency by #24720: added
Mon, 12 Jun 2017 11:46:06 -0400 Thomas Markwalder <tmark@isc.org> - Dependency by #43312: added
Mon, 12 Jun 2017 11:46:06 -0400 Thomas Markwalder <tmark@isc.org> - Dependency by #43313: added
  Mon, 12 Jun 2017 12:05:29 -0400 Thomas Markwalder <tmark@isc.org> - Correspondence added

Hello Mark: You'll be pleased to learn that we've corrected your issue in our upcoming releases 4.4.0 (date is TBD) and 4.3.6/4.1-ESV-R15 due out July 31st, 2017. Sorry it took us awhile but our resources are limited and we work on what we can as we can. The were two issues. The first was in lease file parsing, which did not check for matching prefix lengths between pools and leases. This meant that a lease was considered valid so long as its address could be matched to pool. Now the server requires that the prefix lengths of the lease and pool be equal, otherwise it will log the issue and discard the lease. The second issue was in processing prefix delegations received from the client via IA_PD suboptions. While we were enforcing the requested length and pool length match, we were internally treating mismatches as an error rather than as an "out-of-range" condition and not taking the appropriate action. The server will now treat these as it would out-of-range hints from the client for address leases (IA_NA or IA_TA). In the case of SOLICITs and REQUESTs it will attempt to offer what it can based on configuration (basically it will ignore the hint). For RENEWs it will return a status of No Binding, and for REBINDS it will return the lease with lifetimes set to zero. We'd like to thank you for your submission by citing you in our release notes. If you'd like to recognized in this manner please respond with how you wish to be identified. Typically it is by name and/or organization. Sincerely, Thomas Markwalder ISC Software Engineering
Mon, 12 Jun 2017 12:05:29 -0400 The RT System itself - Status changed from 'resolved' to 'open'
Mon, 12 Jun 2017 12:05:57 -0400 Thomas Markwalder <tmark@isc.org> - Status changed from 'open' to 'resolved'
  Mon, 12 Jun 2017 12:54:11 -0400 Mark Nejedlo <mark.nejedlo@tdstelecom.com> - Correspondence added
Subject: RE: [ISC-Bugs #35378] Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths [protocol] [dhcpv6] [server]
Date: Mon, 12 Jun 2017 16:54:06 +0000
To: "dhcp-review@isc.org" <dhcp-review@isc.org>
From: "Nejedlo, Mark" <Mark.Nejedlo@tdstelecom.com>

Mark Nejedlo at TDS Telecom Thanks, Mark -----Original Message----- From: Thomas Markwalder via RT [mailto:dhcp-review@isc.org] Sent: Monday, June 12, 2017 11:05 AM To: Nejedlo, Mark Subject: [ISC-Bugs #35378] Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths [protocol] [dhcpv6] [server] Hello Mark: You'll be pleased to learn that we've corrected your issue in our upcoming releases 4.4.0 (date is TBD) and 4.3.6/4.1-ESV-R15 due out July 31st, 2017. Sorry it took us awhile but our resources are limited and we work on what we can as we can. The were two issues. The first was in lease file parsing, which did not check for matching prefix lengths between pools and leases. This meant that a lease was considered valid so long as its address could be matched to pool. Now the server requires that the prefix lengths of the lease and pool be equal, otherwise it will log the issue and discard the lease. The second issue was in processing prefix delegations received from the client via IA_PD suboptions. While we were enforcing the requested length and pool length match, we were internally treating mismatches as an error rather than as an "out-of-range" condition and not taking the appropriate action. The server will now treat these as it would out-of-range hints from the client for address leases (IA_NA or IA_TA). In the case of SOLICITs and REQUESTs it will attempt to offer what it can based on configuration (basically it will ignore the hint). For RENEWs it will return a status of No Binding, and for REBINDS it will return the lease with lifetimes set to zero. We'd like to thank you for your submission by citing you in our release notes. If you'd like to recognized in this manner please respond with how you wish to be identified. Typically it is by name and/or organization. Sincerely, Thomas Markwalder ISC Software Engineering
Mon, 12 Jun 2017 12:54:12 -0400 The RT System itself - Status changed from 'resolved' to 'open'
Mon, 12 Jun 2017 13:57:19 -0400 Thomas Markwalder <tmark@isc.org> - Status changed from 'open' to 'resolved'
Wed, 21 Jun 2017 15:40:11 -0400 Brian Conry <bconry@isc.org> - Queue changed from #9 to #8
Tue, 12 Dec 2017 07:40:59 -0500 Thomas Markwalder <tmark@isc.org> - Queue changed from #8 to dhcp-public
Mon, 15 Jan 2018 14:56:34 -0500 Vicky Risk <vicky@isc.org> - Subject changed from 'Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths [protocol] [dhcpv6] [server]' to '[Patch] Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths [protocol] [dhcpv6] [server]'