[pkg-dhcp-devel] Bug#768973: leases database grows infinitely, DoS on the server

martin f krafft madduck at debian.org
Mon Nov 10 13:59:15 UTC 2014 

Package: isc-dhcp-server
Version: 4.2.2.dfsg.1-5+deb70u6
Severity: important

I have /var/lib/dhcp on a tmpfs on an embedded device, and I set
aside 16M for the filesystem (embedded system).

Every now and then, some weird client comes online and within a day,
the filesystem fills up and the DHCP server stops working properly:

  Nov 10 14:50:15 wall dhcpd: commit_leases: unable to commit: No space left on device
  Nov 10 14:50:15 wall dhcpd: DHCPREQUEST for 192.168.14.143 from 00:04:23:72:4e:6c (wing) via lan: database update failed

When I look at the leases file, it is filled with entries like this:

  lease 192.168.14.143 {
    starts 1 2014/11/10 11:38:00;
    ends 4 2014/11/13 11:38:00;
    cltt 1 2014/11/10 11:38:00;
    binding state active;
    next binding state free;
    rewind binding state free;
    hardware ethernet 00:04:23:72:4e:6c;
    client-hostname "wing";
  }
  lease 192.168.14.143 {
    starts 1 2014/11/10 11:38:03;
    ends 4 2014/11/13 11:38:03;
    cltt 1 2014/11/10 11:38:03;
    binding state active;
    next binding state free;
    rewind binding state free;
    hardware ethernet 00:04:23:72:4e:6c;
    client-hostname "wing";
  }

Every 3–5 seconds, a new entry is added, with identical content,
until the 16M are full. Arguably, the client should be taken offline
(it's a new Ubuntu system…), but in any case, this should not take
down the DHCP server.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages isc-dhcp-server depends on:
ii  debconf [debconf-2.0]  1.5.53
ii  debianutils            4.4
ii  isc-dhcp-common        4.3.1-4
ii  libc6                  2.19-11
ii  lsb-base               4.1+Debian13

isc-dhcp-server recommends no packages.

Versions of packages isc-dhcp-server suggests:
pn  isc-dhcp-server-ldap  <none>

-- Configuration Files:
/etc/dhcp/dhcpd.conf changed [not included]

-- debconf information excluded


-- 
 .''`.   martin f. krafft <madduck at d.o> @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1107 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: <http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/attachments/20141110/455a5f1e/attachment.sig>

More information about the pkg-dhcp-devel mailing list