Re: [PATCH] dhcp: Don't re-use request message for reply

On Mon, Feb 3, 2025 at 10:29 AM David Gibson wrote:

On Sat, Feb 01, 2025 at 02:13:30PM +0100, Stefano Brivio wrote:

...

On Fri, 31 Jan 2025 15:53:29 +0100 Enrique Llorente wrote:

...

The logic composing the DHCP reply message is reusing the request message to compose the it, this kind be problematic from a security

Does "be problematic" imply "would be ... once we add longer options"?

...

context and may break the functionality.

Which one? This is important to know for distribution maintainers and, ultimately, users.

Right, as a general rule commit messages be specific and concrete about what the problem they're address is.

This looks about right ? The logic composing the DHCP reply message is reusing the request message to compose it, future long options like FQDN may exceed the request message limit making it go beyond the lower bound. This change create a new reply message with a fixed options size of 308 and fill it in with proper fields from requests adding on top the generated options, this way the reply lower bound does not depend on the request.

-- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson

-- Quique Llorente CNV networking Senior Software Engineer Red Hat EMEA ellorent@redhat.com @RedHat Red Hat Red Hat