Bug #40011 for dhcp-public: dhcpd 4.3.2 crash

Wed, 08 Jul 2015 09:03:59 -0400 Jiri Popelka <jpopelka@gmail.com> - Ticket created

Subject:	dhcpd 4.3.2 crash
Date:	Wed, 8 Jul 2015 15:03:48 +0200
To:	dhcp-bugs@isc.org
From:	"Jiri Popelka" <jpopelka@gmail.com>

Hi, I'm having a bug report [1] that dhcpd 4.3.2 crashes upon first DHCPDISCOVER if specific configuration file [2] is used. There's also a packet dump [3], but I've been able to reproduce with any DHCPDISCOVER. I did a git-bisect and it led me to [4]. I don't see the problem with this commit reverted. With regards, -- Jiri [1] https://bugzilla.redhat.com/show_bug.cgi?id=1236324 [2] https://bugzilla.redhat.com/attachment.cgi?id=1045991 [3] https://bugzilla.redhat.com/attachment.cgi?id=1049534 [4] https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=d9b2a590e835ec9d27f4c059ee07893b1acca110

Wed, 08 Jul 2015 10:16:08 -0400 Jiri Popelka <jpopelka@gmail.com> - Correspondence added

Subject:	Re: [ISC-Bugs #40011] dhcpd 4.3.2 crash
Date:	Wed, 8 Jul 2015 16:16:02 +0200
To:	dhcp-bugs@isc.org
From:	"Jiří Popelka" <jpopelka@gmail.com>

Sent from wrong email, please reply to jpopelka@redhat.com

thanks

--

Jiri

Wed, 08 Jul 2015 10:43:49 -0400 Brian Conry <bconry@isc.org> - Requestor Jiri Popelka <jpopelka@gmail.com> deleted

Wed, 08 Jul 2015 10:43:50 -0400 Brian Conry <bconry@isc.org> - Requestor Jiri Popelka <jpopelka@redhat.com> added

Wed, 08 Jul 2015 12:25:02 -0400 Jeremy Reed <Jeremy_Reed@isc.org> - Correspondence added

Thanks for relaying this to us and for your additional research. We are evaluating it currently.

Wed, 08 Jul 2015 12:25:03 -0400 The RT System itself - Status changed from 'new' to 'open'

Wed, 08 Jul 2015 17:02:46 -0400 Jeremy Reed <Jeremy_Reed@isc.org> - Correspondence added

The configuration contains the line "option host-name = config-option server.ddns-hostname;". The default definition of "server.ddns-hostname" was changed in 4.3.2 to pick from one of three values; one of which is "config-option host-name". This rendered the configuration line above, infinitely recursive. We decided this was not a security issue, because there are many ways an operator could program their DCHP configurations to cause other infinite loops. We will be writing and publishing an Operational Note and updating our documentation about this soon. If you'd like to ask the original reporter why they used the offending string, we may be able to provide guidance on what they should do instead.

Fri, 10 Jul 2015 04:38:18 -0400 Jiri Popelka <jpopelka@redhat.com> - Correspondence added

Subject:	Re: [ISC-Bugs #40011] dhcpd 4.3.2 crash
Date:	Fri, 10 Jul 2015 10:38:12 +0200
To:	dhcp-bugs@isc.org
From:	"Jiri Popelka" <jpopelka@redhat.com>

Thank you for the super-quick response. The original reported doesn't need any other guidance, so you can close the ticket if you want. -- Jiri

Wed, 15 Jul 2015 17:09:16 -0400 Shawn Routhier <sar@isc.org> - Queue changed from #8 to #9

Fri, 28 Aug 2015 14:52:20 -0400 Shawn Routhier <sar@isc.org> - Status changed from 'open' to 'resolved'

Wed, 21 Jun 2017 15:40:36 -0400 Brian Conry <bconry@isc.org> - Queue changed from #9 to #8

Fri, 07 Jul 2017 19:44:48 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #8 to dhcp-public

Created:	Wed, 08 Jul 2015 09:03:59 -0400
Updated:	Fri, 07 Jul 2017 19:44:48 -0400
Closed:	Fri, 28 Aug 2015 14:52:19 -0400

Bug #40011 for dhcp-public: dhcpd 4.3.2 crash

This bug tracker is no longer active.