From: Stefano Brivio <sbrivio@redhat.com>
To: Enrique Llorente Pastora <ellorent@redhat.com>
Cc: passt-dev@passt.top
Subject: Re: [PATCH] dhcp: Don't re-use request message for reply
Date: Mon, 3 Feb 2025 10:24:35 +0100 [thread overview]
Message-ID: <20250203102435.11bc9459@elisabeth> (raw)
In-Reply-To: <CAHVoYmLBdtBVA-BVM8tmc07k1YXCmsNmA5CgW8jPD6BDKtEfXA@mail.gmail.com>
On Mon, 3 Feb 2025 10:19:27 +0100
Enrique Llorente Pastora <ellorent@redhat.com> wrote:
> On Sat, Feb 1, 2025 at 2:13 PM Stefano Brivio <sbrivio@redhat.com> wrote:
> >
> > On Fri, 31 Jan 2025 15:53:29 +0100
> > Enrique Llorente <ellorent@redhat.com> wrote:
> >
> > > The logic composing the DHCP reply message is reusing the request
> > > message to compose the it, this kind be problematic from a security
> >
> > Does "be problematic" imply "would be ... once we add longer options"?
> >
> > > context and may break the functionality.
> >
> > Which one? This is important to know for distribution maintainers and,
> > ultimately, users.
> >
> > As far as I know it's all fine until now, the problem would arise in
> > your next patch, so perhaps state that.
> >
> > The real reason why we need this is that we want to have a given, fixed
> > size for the option field (308) so that we can easily check we don't
> > exceed it once we start writing the FQDN in it.
> >
> > > This change create a new reply message and fill it in with proper fields
> > > from request adding on top the generated opetions.
> >
> > s/opetions/options/
>
> Thinking about it twice, maybe we don't need this change after all,
> from what I see at
> code it override the request options with the reply options and then
> add the 255 finalizer and some padding if
> is less than 308, meaning that the request options has no effect on
> reply, isn't that enough ?
It's not, because with FQDN options we can easily exceed the minimum
size of a DHCP message we get, so the original message might not be
enough to write everything we need to write.
It's about the lower bound (of the size), not the upper bound.
--
Stefano
next prev parent reply other threads:[~2025-02-03 9:24 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-31 14:53 [PATCH] dhcp: Don't re-use request message for reply Enrique Llorente
2025-02-01 13:13 ` Stefano Brivio
2025-02-03 9:19 ` Enrique Llorente Pastora
2025-02-03 9:24 ` Stefano Brivio [this message]
2025-02-03 9:29 ` David Gibson
2025-02-03 9:53 ` Enrique Llorente Pastora
2025-02-03 19:00 ` Stefano Brivio
2025-02-03 10:26 ` Enrique Llorente Pastora
2025-02-03 19:00 ` Stefano Brivio
2025-02-04 9:27 ` Enrique Llorente Pastora
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250203102435.11bc9459@elisabeth \
--to=sbrivio@redhat.com \
--cc=ellorent@redhat.com \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).