On Wed, Dec 05, 2018 at 07:10:13PM +0000, Gregory Smith wrote: > See RFC 2131, section 4.3.2. When handling a DHCPREQUEST message, the > server should validate that the client's requested IP matches the > offered IP. If not, the server should reply with a DHCPNAK. The client's > requested IP is either specified as the Requested IP Address (option > 50), or as the ciaddr, depending on the client's state. > > Signed-off-by: Gregory Smith <[email protected]> > --- > > v4 -> v5 > -------- > * Fixed clang cast alignment warnings. > > v3 -> v4 > -------- > * Reworked the option-parsing while loop. > > v2 -> v3 > -------- > * Fixed long line. > > v1 -> v2 > -------- > * Refactored DHCP option parsing and packet boundary checks. > > lib/dhcp.h | 3 + > ovn/controller/pinctrl.c | 129 +++++++++++++++++++++++++------- > ovn/lib/ovn-l7.h | 9 +++ > tests/ovn.at | 188 > +++++++++++++++++++++++++++++++++++++---------- > 4 files changed, 264 insertions(+), 65 deletions(-)
Thanks for the patch. This code looks pretty optimistic about things that I'm not sure it should depend on. It uses ALIGNED_CAST in multiple places although I don't see a reason to assume that the data in question is actually aligned. It also appears to read out the DHCP magic cookie before it checks whether the packet is long enough to contain it. Please take another look and make sure that this code is validating everything properly. Thanks, Ben. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
