[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#690889: udhcpc always returns a domain of "bad" when receiving a valid dhcp ack packet

On 20.10.2012 01:15, Dave Rawks wrote:
> On 10/19/2012 12:20 PM, Michael Tokarev wrote:
>> The new function to verify name validity introduced to fix CVE-2011-0997
>> disallows names with trailing dots.  So any domain name ending in a dot
>> is rejected and is substituted with "bad" as subject says.
>> This is questionable - both the usage of names with trailing dot in this
>> context (it is not entirely DNS anymore, where trailing dot is obviously
>> allowed and perfectly valid), and rejecting of such names.
> I think that rejecting valid and allowed values seems an overreach especially when there is no consistency with the intention of the "validation" as is mentioned in the code comment. IMHO, It seems not so much a questionable behavior as an incorrect one.

Again: whenever this trailing dot is "allowed" in this place is an open
question, at least it is a corner case which can be treated either way.
And I don't have clear opinion on this -- to me, isc-dhcp behavour is
wrong, for reasons already stated.


Reply to: