On 19.10.2012 00:49, Dave Rawks wrote: > Package: udhcpc > Version: :1.20.0-7 > Severity: normal > Tags: d-i > > udhcpc always returns a domain of "bad" when receiving a valid dhcp ack > from an upstream dhcp server. To reproduce first create a shellscript to > dump all of the variables set by udhcpc uppon successful receipt of a lease:
> I've tcpdumped both the client and server side of the dhcp exchange and > wireshark decodes the full ack packet as a valid dhcp/bootp ack AND includes > the correct domainname as configured to be sent on the server. Please tell us WHICH domain name is treated as "bad". You're hitting this fix for CVE-2011-0997: http://git.busybox.net/busybox/commit/?id=7280d2017d8075267a12e469983e38277dcf0374 "udhcpc: sanitize hostnames in incoming packets. Closes 3979." https://bugs.busybox.net/show_bug.cgi?id=3979 https://bugzilla.redhat.com/show_bug.cgi?id=689832 > Testing with isc-dhcp-client also yields a successful lease with the correct > domain name set. So the fix in busybox is different than implementd in isc-dhcp. Please tell us which domain name is that. /mjt -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
