Opened 6 years ago
Last modified 3 years ago
#3009 new defect
kea6 does not drop relay-forward with forbidden options
Reported by: | wlodekwencel | Owned by: | |
---|---|---|---|
Priority: | medium | Milestone: | Outstanding Tasks |
Component: | dhcp6 | Version: | |
Keywords: | relay-forward | Cc: | |
CVSS Scoring: | | Parent Tickets: | |
Sensitive: | no | Defect Severity: | N/A |
Sub-Project: | DHCP | Feature Depending on Ticket: | |
Estimated Difficulty: | 0 | Add Hours to Ticket: | 0 |
Total Hours: | 0 | Internal?: | no |
Description (last modified by tomek)
Tests performed on the Git version of Bind downloaded 9.06.2013
The DHCPv6 server accepts as valid a Relay-forward message that includes options not permitted in Relay-Forward, such as:
-clientID
-serverID
-rapidcommit
-preference
To reproduce this bug, please use the Forge project and run the test with the "relay_invalid" tag, or build a Relay-Forward message with Scapy
e.g.
IPv6(dst = address)/UDP(sport=546, dport=547)/DHCP6_RelayForward(linkaddr="3000::ffff", peeraddr=SRV_IPV6_ADDR, hopcount = level)/DHCP6OptIfaceId(ifaceid = "15")/DHCP6OptClientId()/DHCP6OptRelayMsg()/DHCP6_Solicit()
Wireshark capture attached.
Subtickets
Attachments (2)
Change History (8)
Changed 6 years ago by wlodekwencel
comment:1 Changed 6 years ago by shane
- Milestone changed from New Tasks to DHCP Outstanding Tasks
Changed 6 years ago by wlodekwencel
comment:2 Changed 6 years ago by wlodekwencel
comment:3 Changed 6 years ago by tomek
- Milestone changed from DHCP Outstanding Tasks to DHCP-QA Defects
comment:4 Changed 4 years ago by tomek
- Milestone changed from DHCP-QA Defects to DHCP Outstanding Tasks
comment:5 Changed 4 years ago by tomek
- Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks
Milestone renamed
comment:6 Changed 3 years ago by tomek
- Description modified (diff)
- Summary changed from kea6 relay-forward bug to kea6 does not drop relay-forward with forbidden options
Relay-Forward message tested with the rest of the options not allowed in the message:
client ID
server ID
preference
time
option-request
status-codes
rapid-commit
reconfigure
reconfigure-accept
RFC 3315, table A "Appearance of Options in Message Types"
According to RFC 3315 section 15, those messages should be discarded, or in some cases replied to with status code UnSpecFail.
It looks like Kea6 doesn't check messages for options that are not allowed.
To repeat all those cases, please use the Forge project and run all tests tagged with 'relay_invalid'. I have also attached a Wireshark capture for all those tests.
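The check this ticket reports as missing can be sketched as follows. This is an added example, not code from Kea or Forge: it walks the top-level options of a Relay-forward and reports any RFC 3315 option that the Relay-forw. row of Appendix A does not permit. The function names and sample packets are constructed for illustration.

```python
import struct

RELAY_FORW = 12  # DHCPv6 message type of Relay-forward
# Options listed in RFC 3315 Appendix A (later RFCs add more; those are not judged).
RFC3315_OPTIONS = {
    1: "client-id", 2: "server-id", 3: "ia-na", 4: "ia-ta",
    6: "option-request", 7: "preference", 8: "elapsed-time", 9: "relay-msg",
    11: "auth", 12: "unicast", 13: "status-code", 14: "rapid-commit",
    15: "user-class", 16: "vendor-class", 17: "vendor-opts",
    18: "interface-id", 19: "reconf-msg", 20: "reconf-accept",
}
# Relay-forw. row of RFC 3315 Appendix A.
ALLOWED_IN_RELAY_FORW = {9, 11, 15, 16, 17, 18}

def forbidden_relay_options(msg: bytes) -> list:
    """Names of RFC 3315 options that may not sit at the top level of a
    Relay-forward. Raises ValueError if the message is malformed."""
    if len(msg) < 34 or msg[0] != RELAY_FORW:
        raise ValueError("not a Relay-forward message")
    found, off = [], 34  # type + hop-count + link-address + peer-address
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, off)
        off += 4
        if off + length > len(msg):
            raise ValueError("option length runs past end of message")
        if code in RFC3315_OPTIONS and code not in ALLOWED_IN_RELAY_FORW:
            found.append(RFC3315_OPTIONS[code])
        off += length  # relay-msg payload is skipped: inner options are legal there
    return found

def opt(code: int, data: bytes = b"") -> bytes:
    return struct.pack("!HH", code, len(data)) + data

def relay_forw(options: bytes, hop: int = 0) -> bytes:
    link = bytes.fromhex("3000" + "00" * 12 + "ffff")  # 3000::ffff, as in the ticket
    peer = bytes(15) + b"\x01"                         # ::1, constructed
    return bytes([RELAY_FORW, hop]) + link + peer + options

# Constructed samples: a relayed Solicit, with and without a stray relay-level client-id.
DUID = bytes.fromhex("00030001aabbccddeeff")
SOLICIT = b"\x01\x12\x34\x56" + opt(1, DUID)
SAMPLE_OK = relay_forw(opt(18, b"15") + opt(9, SOLICIT))
SAMPLE_BAD = relay_forw(opt(18, b"15") + opt(1, DUID) + opt(9, SOLICIT))

if __name__ == "__main__":
    for name, pkt in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, forbidden_relay_options(pkt) or "accept")
```

The client-id inside the encapsulated Solicit is not flagged, because only the relay-level options are inspected. A server applying this check would discard any message for which the returned list is non-empty.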