dhcp_set_cb() is lost on a timed out DHCP lease renewal (IDFGH-5498) #32
Comments
github-actions
bot
changed the title
|
Thanks @pho for reporting this issue, indeed the Please find the WIP patch attached below |
espressif-bot
pushed a commit
to espressif/esp-idf
that referenced
this issue
Mar 11, 2022
* Cherry-pick important fixes to 2.1.2-esp - CVE-2020-22283: Attacker could craft a packet that would disclose 8 bytes of some heap memory: - icmp6: Don't copy too much data - icmp6: Fix copying of chained pbuf in reply - icmp6: keep to the RFC and send as much as possible with icmp6 error messages - CVE-2020-22284: ZEP - ZigBee Encapsulation Protocol/6LoWPAN is not supported in IDF, the netif module (zepif.c) is not included in the build, but users can still inject the file into compilation process, implement IO interface and use this. - zepif: Copy possibly chained output pbuf properly - Add #define for minimum IPv6 MTU length - pbuf: Add pbuf_copy_partial_pbuf library function * PPPoS: Fix null-deref when processing double break packet - pppos: fix in_tail null (espressif/esp-lwip@537c69d5) - PPP: Add test exhibiting empty packet null-deref (espressif/esp-lwip@202a07da) * NAPT: Fix PBUF_REF type to clone the pbuf before forwarding - IP-FORWARD: If packet-type is PBUF_REF clone it before forwarding - Add NAPT unit test to exercise NAT feature for both RAM and REF pbuf types * version: Update version numbers to match 2.1.2-esp * Minor fixes listed below: Fix client receive KOD, NAPT fixes, restore dhcp_cb, sntp docs, vendor class id (disabled) * Update submodule: espressif/esp-lwip@2195f74...76303df Detailed description of the changes: - test/napt: Add unit test for IP forward with PBUF_REF (espressif/esp-lwip@76303df2) - napt: Fix PBUF_REF type to clone the pbuf before forwarding (espressif/esp-lwip@39068263) - version: Update version numbers to match 2.1.2-esp (espressif/esp-lwip@2b922919) - pppos: fix in_tail null (espressif/esp-lwip@537c69d5) - PPP: Add test exhibiting empty packet null-deref (espressif/esp-lwip@202a07da) - pbuf: Add pbuf_copy_partial_pbuf library function (espressif/esp-lwip@1c9cd9c1) - Add #define for minimum IPv6 MTU length (espressif/esp-lwip@d2dc577b) - zepif: Copy possibly chained output pbuf properly (espressif/esp-lwip@64ab7f2a) - icmp6: Don't copy too much data (espressif/esp-lwip@4a64731b) - icmp6: Fix copying of chained pbuf in reply (espressif/esp-lwip@7c822ff4) - icmp6: keep to the RFC and send as much as possible with icmp6 error messages (espressif/esp-lwip@29100ab6) - dns: Add API to clear dns cache (espressif/esp-lwip@ee59f77d) - CI: Fixed adding gitlab key (espressif/esp-lwip@5a2bdba7) - test case: modify test case test_tcp_new_max_num_remove_FIN_WAIT_1 (espressif/esp-lwip@6b090f7d) - add function for deinit lwip timers (espressif/esp-lwip@2749568f) - dhcp: Fix build issue that set ESP_DHCP_DISABLE_VENDOR_CLASS_IDENTIFIER to true will build fail (espressif/esp-lwip@d827dbf7) - Document that sntp_setservername doesn't copy the string (espressif/esp-lwip@54acdb59) #6786 - lwip/dhcp: add 60 option for vendor class identify (espressif/esp-lwip@ae7edc2a) espressif/esp-lwip#32 - dhcp: Restore dhcp_cb on restart after dhcp_release_and_stop() (espressif/esp-lwip@55ea9d9c) #7217 - napt: Fix disbale IPv6 and enable NAPT will build error (espressif/esp-lwip@74cf7f9f) - napt: fix checksum of UDP (espressif/esp-lwip@bb63eed1) - sntp: Fix client receive KOD packet that make pool MEMP_SYS_TIMEOUT not be freed (espressif/esp-lwip@1c1642fe) - test case: add tcp state and reset test cases. (espressif/esp-lwip@67deb805) Closes #8300 Closes #8451
espressif-bot
pushed a commit
to espressif/esp-idf
that referenced
this issue
Jun 8, 2023
* Update submodule: git log --oneline 2195f7416fb3136831babf3e96c027a73075bd4f..6bb132e3797d5449a923804c75c57d458920f8ac Detailed description of the changes: - tcp_in/ooseq: Fix incorrect segment trim when FIN moved (espressif/esp-lwip@6bb132e3) - api_msg: fix tcp_abort thread safety (2.1.2-esp) (espressif/esp-lwip@53a6e019) - lwip:optimization dhcp coarse timer (espressif/esp-lwip@a7abf28e) - napt: Fix ip_portmap_add() to keep only one port mapping (espressif/esp-lwip@abab9fef) - reduce the DHCP Request timeout (espressif/esp-lwip@6fa02bd3) - lwip timer:optimization dhcp fine timer (espressif/esp-lwip@79182163) - optimization lwip ip4 reassembly timer (espressif/esp-lwip@17f41c9f) - optimization lwip ip6 reassembly timer (espressif/esp-lwip@c943fc5a) - optimization lwip dns timer (espressif/esp-lwip@7f5ab42c) - napt: Fix clean compilation (espressif/esp-lwip@6132c975) - Lwip:add TCP Fin2 timeout configuration (espressif/esp-lwip@15b4400e) - napt: Fix IP forwarding when forward netif enable NAPT (espressif/esp-lwip@c950063f) - napt/stats: Move some napt counters to stats module (espressif/esp-lwip@475d658a) - ip_napt_maint: Fix timestamp overflow handling (espressif/esp-lwip@2e904508) - napt: Fixes and improvements (espressif/esp-lwip@fb1f3552) - test/napt: Add unit test for IP forward with PBUF_REF (espressif/esp-lwip@76303df2) - napt: Fix PBUF_REF type to clone the pbuf before forwarding (espressif/esp-lwip@39068263) - version: Update version numbers to match 2.1.2-esp (espressif/esp-lwip@2b922919) - pppos: fix in_tail null (espressif/esp-lwip@537c69d5) - PPP: Add test exhibiting empty packet null-deref (espressif/esp-lwip@202a07da) - pbuf: Add pbuf_copy_partial_pbuf library function (espressif/esp-lwip@1c9cd9c1) - Add #define for minimum IPv6 MTU length (espressif/esp-lwip@d2dc577b) - zepif: Copy possibly chained output pbuf properly (espressif/esp-lwip@64ab7f2a) - icmp6: Don't copy too much data (espressif/esp-lwip@4a64731b) - icmp6: Fix copying of chained pbuf in reply (espressif/esp-lwip@7c822ff4) - icmp6: keep to the RFC and send as much as possible with icmp6 error messages (espressif/esp-lwip@29100ab6) - dns: Add API to clear dns cache (espressif/esp-lwip@ee59f77d) - CI: Fixed adding gitlab key (espressif/esp-lwip@5a2bdba7) - test case: modify test case test_tcp_new_max_num_remove_FIN_WAIT_1 (espressif/esp-lwip@6b090f7d) - add function for deinit lwip timers (espressif/esp-lwip@2749568f) - dhcp: Fix build issue that set ESP_DHCP_DISABLE_VENDOR_CLASS_IDENTIFIER to true will build fail (espressif/esp-lwip@d827dbf7) - Document that sntp_setservername doesn't copy the string (espressif/esp-lwip@54acdb59) - Closes #6786 - lwip/dhcp: add 60 option for vendor class identify (espressif/esp-lwip@ae7edc2a) - Closes espressif/esp-lwip#32 - dhcp: Restore dhcp_cb on restart after dhcp_release_and_stop() (espressif/esp-lwip@55ea9d9c) - Closes #7217 - napt: Fix disbale IPv6 and enable NAPT will build error (espressif/esp-lwip@74cf7f9f) - napt: fix checksum of UDP (espressif/esp-lwip@bb63eed1) - sntp: Fix client receive KOD packet that make pool MEMP_SYS_TIMEOUT not be freed (espressif/esp-lwip@1c1642fe) - test case: add tcp state and reset test cases. (espressif/esp-lwip@67deb805)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On a DHCP lease renewal failure, the lwIP does a
dhcp_release_and_stop()and then adhcp_start()https://github.com/espressif/esp-lwip/blob/2.1.2-esp/src/core/ipv4/dhcp.c#L462
The call to
dhcp_start()zeroes the dhcp struct, thus removing thedhcp_set_cb()callback, and even though the interface can obtain a new IP when the dhcp server comes back, it never notifies the app againhttps://github.com/espressif/esp-lwip/blob/2.1.2-esp/src/core/ipv4/dhcp.c#L850
The text was updated successfully, but these errors were encountered: