Bug 731990 - dhcpd can segfault when scanning TUN interface during start
Summary: dhcpd can segfault when scanning TUN interface during start
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: dhcp
Version: 6.1
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: rc
Assignee: Jiri Popelka
QA Contact: Release Test Team
URL:
Whiteboard:
Duplicates: 736149
Depends On:
Blocks:
 
Reported: 2011-08-19 11:51 UTC by Ronald Wahl
Modified: 2011-12-06 12:01 UTC (History)

Fixed In Version: dhcp-4.1.1-22.P1.el6
Doc Type: Bug Fix
Doc Text:
If the system included network interfaces with no hardware address, the dhcpd scan could have caused a segmentation fault when scanning such an interface. As a consequence, the dhcp daemon unexpectedly terminated. To prevent this issue, dhcpd now tests a pointer which represents the hardware address of the interface for the NULL value. The dhcp daemon no longer crashes.
Clone Of:
Environment:
Last Closed: 2011-12-06 12:01:00 UTC


Attachments
Fix segmentation fault during start of dhcpd (and dhclient) (329 bytes, patch)
2011-08-19 11:51 UTC, Ronald Wahl


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1597 normal SHIPPED_LIVE dhcp bug fix and enhancement update 2011-12-06 00:51:17 UTC

Description Ronald Wahl 2011-08-19 11:51:50 UTC
Created attachment 519025
Fix segmentation fault during start of dhcpd (and dhclient)

Description of problem:
When dhcpd is started, a segmentation fault may occur when there are network interfaces without a hardware address. For example, we have a tun0 and a tun1 device (created by a running openvpn daemon) and these do not have a hardware address. If the dhcpd scans the interfaces on start, it dereferences a pointer without checking if it is NULL. Attached fix taken from here:

http://www.mail-archive.com/scientific-linux-users@listserv.fnal.gov/msg09049.html


Version-Release number of selected component (if applicable):
dhcp-4.1.1-19.P1.el6_1.1.x86_64

How reproducible:
Depends on the interface order - if the interfaces without a hardware address are registered before the interfaces where dhcpd should listen, then 100%; otherwise it is not reproducible.


Steps to Reproduce:
1. Create some tun devices
2. Create new ethernet device (or restart network)
3. Start dhcpd on this new ethernet device
  
Actual results:
dhcpd segfaults

Expected results:
dhcpd should work as expected

Additional info:
dhclient might be affected as well by the same issue
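
An added example, not part of the original report and not dhcp's own code: a hardware-address lookup over a `getifaddrs(3)`-style list that tests the address pointer for NULL before dereferencing it, so entries without a hardware address are skipped and the scan reaches the interface behind them. The function name `hwaddr_of` and the sample list are constructed for illustration, and the use of `struct ifaddrs` is an assumption about how such a scan can be written on Linux.

```c
#include <ifaddrs.h>
#include <netpacket/packet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Copy the link-layer address of interface `name` into `out`.
 * Returns its length, 0 if the interface has no hardware address
 * (as with a tun device), or -1 if `name` is not in the list. */
int hwaddr_of(const struct ifaddrs *list, const char *name,
              unsigned char *out, size_t outlen)
{
    int seen = 0;
    for (const struct ifaddrs *ifa = list; ifa != NULL; ifa = ifa->ifa_next) {
        if (ifa->ifa_name == NULL || strcmp(ifa->ifa_name, name) != 0)
            continue;
        seen = 1;
        /* ifa_addr may be NULL; test it before reading sa_family. */
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_PACKET)
            continue;
        const struct sockaddr_ll *sll = (const struct sockaddr_ll *)ifa->ifa_addr;
        size_t len = sll->sll_halen;
        if (len == 0 || len > sizeof sll->sll_addr || len > outlen)
            continue;   /* no usable hardware address on this entry */
        memcpy(out, sll->sll_addr, len);
        return (int)len;
    }
    return seen ? 0 : -1;
}

/* Constructed sample list in the order from the report: tun devices first. */
static struct sockaddr_ll eth_ll = { .sll_family = AF_PACKET, .sll_halen = 6,
    .sll_addr = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 } };
static struct sockaddr_ll tun_ll = { .sll_family = AF_PACKET, .sll_halen = 0 };
static struct ifaddrs eth0 = { .ifa_name = "eth0",
    .ifa_addr = (struct sockaddr *)&eth_ll };
static struct ifaddrs tun1 = { .ifa_next = &eth0, .ifa_name = "tun1",
    .ifa_addr = (struct sockaddr *)&tun_ll };
static struct ifaddrs tun0 = { .ifa_next = &tun1, .ifa_name = "tun0",
    .ifa_addr = NULL };

int main(void)
{
    const char *names[] = { "tun0", "tun1", "eth0" };
    unsigned char mac[8];
    for (size_t i = 0; i < 3; i++)
        printf("%s: %d\n", names[i], hwaddr_of(&tun0, names[i], mac, sizeof mac));
    return 0;
}
```

On a live Linux system the same function accepts the list returned by `getifaddrs(3)` in place of the constructed one.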

Comment 4 Miroslav Svoboda 2011-08-30 10:57:56 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
If the system included network interfaces with no hardware address, the dhcpd scan could have caused a segmentation fault when scanning such an interface. As a consequence, the dhcp daemon unexpectedly terminated. To prevent this issue, dhcpd now tests a pointer which represents the hardware address of the interface for the NULL value. The dhcp daemon no longer crashes.

Comment 5 Jiri Popelka 2011-09-07 08:59:36 UTC
*** Bug 736149 has been marked as a duplicate of this bug. ***

Comment 7 errata-xmlrpc 2011-12-06 12:01:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1597.html

