author | Kenneth R Westerback <krw@cvs.openbsd.org> | 2016-10-06 16:29:18 +0000 |
---|---|---|
committer | Kenneth R Westerback <krw@cvs.openbsd.org> | 2016-10-06 16:29:18 +0000 |
commit | 432e4be4b386265a8c7d11952628bcf51e5c46b8 (patch) | |
tree | 45594b80c734d225dc12f89f96a261c03717cb16 /sbin/dhclient/options.c | |
parent | d690d085048eb7d9e73e77cd86a4869ec7c25810 (diff) |
Add support for RFC 6842, which says the client MUST drop packets when
the server provides a client-identifier value and it doesn't match
the value the client sent.
So stop suppressing client-identifier info in the leases file and when
reading the leases file stop discarding leases that don't have current
client-identifier info. Don't use them, but keep them around in case
the client-identifier info changes back next time.
Also construct the default client-identifier (if needed) before reading
the leases file.
Diffstat (limited to 'sbin/dhclient/options.c')
-rw-r--r-- | sbin/dhclient/options.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/sbin/dhclient/options.c b/sbin/dhclient/options.c index 2a85ea50126..93aa1f2b3b0 100644 --- a/sbin/dhclient/options.c +++ b/sbin/dhclient/options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: options.c,v 1.78 2016/09/02 15:44:26 mpi Exp $ */ +/* $OpenBSD: options.c,v 1.79 2016/10/06 16:29:17 krw Exp $ */ /* DHCP options parsing and reassembly. */ @@ -711,6 +711,22 @@ do_packet(struct interface_info *ifi, unsigned int from_port, (unsigned char *)packet->sname, sizeof(packet->sname)); } + + /* + * RFC 6842 says if the server sends a client identifier + * that doesn't match then the packet must be dropped. + */ + i = DHO_DHCP_CLIENT_IDENTIFIER; + if ((options[i].len != 0) && + ((options[i].len != config->send_options[i].len) || + memcmp(options[i].data, config->send_options[i].data, + options[i].len) != 0)) { +#ifdef DEBUG + debug("Discarding packet with client-identifier '%s'", + pretty_print_option(i, &options[i], 0)); +#endif + goto done; + } } type = "<unknown>"; @@ -757,6 +773,7 @@ do_packet(struct interface_info *ifi, unsigned int from_port, free(info); +done: for (i = 0; i < 256; i++) free(options[i].data); } |
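Review bot: In the `@@ -711` hunk of do_packet(), the test `options[i].len != 0` means a reply that carries no client-identifier at all is still accepted even when the client sent one, and the block comment does not say so. That matches the commit message ("when the server provides a client-identifier value"), but the comment above the check should state that an absent option is deliberately let through, so a later reader does not tighten or loosen it by accident. Also note that the only trace of a dropped packet is the `debug(...)` call inside `#ifdef DEBUG`, so on a normal build a persistent mismatch shows up only as the client never getting a lease; a sentence in the comment or the man page pointing at this cause would help whoever has to diagnose it.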
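Review bot: In the `@@ -757` hunk the `done:` label is placed after `free(info);`, so the new `goto done` path skips that free. That is only correct if `info` has not been allocated yet at the point of the jump, and the visible context does not show where `info` is assigned. Please confirm that, or make it robust against later reordering by initialising `info` to NULL at declaration and moving the label above `free(info);`, since free(NULL) is harmless.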