[ipxe-devel] [PATCH] Validate L2 address in DHCP packets.

Wissam Shoukair wissams at mellanox.com
Sun Sep 7 15:29:40 BST 2014


Checking for valid XID is not enough, because if two PXE clients
sends the DHCP Discover with the same XID then both of them will get
both offers while one of them with the wrong client HW address.

Signed-off-by: Wissam Shoukair <wissams at mellanox.com>
---
 src/net/udp/dhcp.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/net/udp/dhcp.c b/src/net/udp/dhcp.c
index e6d3edd..d89728f 100644
--- a/src/net/udp/dhcp.c
+++ b/src/net/udp/dhcp.c
@@ -1157,10 +1157,12 @@ static int dhcp_deliver ( struct dhcp_session *dhcp,
 	size_t data_len;
 	struct dhcp_packet *dhcppkt;
 	struct dhcphdr *dhcphdr;
+	uint8_t local_mac[MAX_LL_ADDR_LEN];
 	uint8_t msgtype = 0;
 	struct in_addr server_id = { 0 };
 	int rc = 0;
 
+
 	/* Sanity checks */
 	if ( ! meta->src ) {
 		DBGC ( dhcp, "DHCP %p received packet without source port\n",
@@ -1193,6 +1195,24 @@ static int dhcp_deliver ( struct dhcp_session *dhcp,
 	dhcppkt_fetch ( dhcppkt, DHCP_SERVER_IDENTIFIER,
 			&server_id, sizeof ( server_id ) );
 
+	/* Validate L2 address */
+#define MAC_FMT		"%02x:%02x:%02x:%02x:%02x:%02x"
+#define MAC_PTR(x)	((uint8_t*)(x))[0], ((uint8_t*)(x))[1], ((uint8_t*)(x))[2], \
+					((uint8_t*)(x))[3], ((uint8_t*)(x))[4], ((uint8_t*)(x))[5]
+
+	dhcp_chaddr ( dhcp->netdev, local_mac, NULL );
+	DBGC ( dhcp, "DHCP %p %s from %s:%d is for MAC ["MAC_FMT"]."
+		   "Local MAC is ["MAC_FMT"]. ", dhcp, dhcp_msgtype_name ( msgtype ),
+		   inet_ntoa ( peer->sin_addr ), ntohs ( peer->sin_port ),
+		   MAC_PTR( dhcppkt->dhcphdr->chaddr ), MAC_PTR( local_mac ) );
+	if ( memcmp ( dhcppkt->dhcphdr->chaddr, local_mac, dhcppkt->dhcphdr->hlen ) ) {
+		DBGC ( dhcp, "Packet discarded.\n" );
+		rc = -EINVAL;
+		goto err_mac;
+	} else {
+		DBGC ( dhcp, "Handling packet.\n" );
+	}
+
 	/* Check for matching transaction ID */
 	if ( dhcphdr->xid != dhcp->xid ) {
 		DBGC ( dhcp, "DHCP %p %s from %s:%d has bad transaction "
@@ -1207,6 +1227,7 @@ static int dhcp_deliver ( struct dhcp_session *dhcp,
 	dhcp->state->rx ( dhcp, dhcppkt, peer, msgtype, server_id );
 
  err_xid:
+ err_mac:
 	dhcppkt_put ( dhcppkt );
  err_alloc_dhcppkt:
  err_no_src:
-- 
1.7.11.1



More information about the ipxe-devel mailing list