[Dnsmasq-discuss] DHCPv6 Protocol Compliance Violations in DNSMASQ

Simon Kelley simon at thekelleys.org.uk
Sun Jul 20 16:44:48 UTC 2025


This is useful work, thanks. My reply is below.

Simon.


Violation 1:
Looks quite straightforward and accurate - I'll work on a fix.

Violation 3:
The server does not have a configuration option to enable or
disable rapid commit. It always allows rapid commit. (There is
a rapid-commit configuration for DHCPv4, but this doesn't apply
to DHCPv6 and is documented as such.) Since the server always
allows rapid-commit, the behaviour is correct. One could argue
that a rapid-comit configuration option would be useful, but it is
not, as far as I can see, required.

Violation 4:
This should probably be altered so that the behaviour is
controlled by the "dhcp-authoritative" option, which controls
the same behaviour in the same way in DHCPv4.

Violation 5:
Looks correct and will be fixed.

Violation 6:
Trivial fix, will be done.

Violation 7:
I think this is not a problem. The MUST condition applies to
clients which are creating messages sent to server.
There is no condition that a server MUST reject messages which
violate this condition, and without that the Robustness Principle
applies and a the server should be liberal in what it accepts.

Violation 8:
Re-reading RFC3315, I can see how I misundertood this when writing
the code originally. It's clearer in 8415. Definitely a problem.
In the fix list.

Violation 9:
Fixing this probably comes for free with violation 8.

Violation 10:
Since dnsmasq doesn't support DHCP-PD, it never assigns delegated
prefixes. The behaviour is therefore arguably correct.

Violation 11:
This needs more thought. dnsmasq's relay system uses local
storage to hold the scope-id over a relay transaction, so
in almost all cases, no Interface-ID option is needed. One
could conceive of a relay which has two distinct interfaces
with the same prefix on which it can recieve DHCPv6 messages.
That would confuse the existing mechanism.
I'm not sure if that's a realistic scenario.

Violation 12: My answer to Violation 7 applies here.



On 7/18/25 03:41, 宋相普 wrote:
> Sorry, I’ve just added the PDF report as an attachment.
> This is my first time discussing through the mailing list, so I’m not 
> very familiar with some of the procedures.
> 
> 
> 
> 
> 发件人:Dan Schaper <dan.schaper at pi-hole.net>
> 发送日期:2025-07-18 08:48:51
> 收件人:"宋相普" <songxiangpu at mail.sdu.edu.cn>,dnsmasq- 
> discuss at lists.thekelleys.org.uk
> 主题:Re: [Dnsmasq-discuss] DHCPv6 Protocol Compliance Violations in DNSMASQ
> 
>     Can you provide your report in a PDF please. I'm quite surprised
>     that a security researcher would provide proof via a zipfile of
>     unknown provenance and unknown content.
> 
>     Dan
> 
> 
>     ------ Original Message ------
>      From "宋相普" <songxiangpu at mail.sdu.edu.cn
>     <mailto:songxiangpu at mail.sdu.edu.cn>>
>     To dnsmasq-discuss at lists.thekelleys.org.uk <mailto:dnsmasq-
>     discuss at lists.thekelleys.org.uk>
>     Date 7/16/2025 7:02:19 AM
>     Subject [Dnsmasq-discuss] DHCPv6 Protocol Compliance Violations in
>     DNSMASQ
> 
>>     Hi,
>>
>>     We are writing to report the results of a recent analysis we
>>     conducted on the DHCPv6 implementation in |dnsmasq|. Our work
>>     focused on verifying its compliance against the most recent DHCPv6
>>     specification, RFC 8415.
>>
>>     During our analysis, we identified dozens of instances where the
>>     implementation's behavior deviates from the mandatory requirements
>>     of the RFC. While many of these are minor protocol non-
>>     compliances, several have potential security implications that we
>>     believe warrant a high-priority review.
>>
>>     Due to the number of findings, we have compiled a comprehensive
>>     report detailing each issue, which is provided as an attachment to
>>     this email. We hope this report is helpful.
>>
>>     Best regards,
>>
>>     Xiangpu Song
>>
>>
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss




More information about the Dnsmasq-discuss mailing list