From: David Hankins <dhankins@isc.org>
Date: Tue, 25 May 2010 17:40:28 +0000 (+0000)
Subject: - A bug was fixed that could cause the DHCPv6 server to advertise/assign a
X-Git-Tag: v4_3_0a1~281
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d8c3d6eedd00a71baec703029a4cfa64331adbc;p=thirdparty%2Fdhcp.git

- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
  previously allocated (active) lease to a client that has changed subnets,
  despite being on different shared networks.  Dynamic prefixes specifically
  allocated in shared networks also now are not offered if the client has
  moved.  [ISC-Bugs #21152]
---

diff --git a/RELNOTES b/RELNOTES
index b85a0e8f9..6706df590 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -39,6 +39,7 @@ The system has only been tested on Linux, FreeBSD, and Solaris, and may not
 work on other platforms. Please report any problems and suggested fixes to
 <dhcp-users@isc.org>.
 
+
 			Changes since 4.2.0b1
 
 - Prohibit including lease time information in a response to a DHCP INFORM.
@@ -56,6 +57,12 @@ work on other platforms. Please report any problems and suggested fixes to
   also didn't do much as we exited afterwards anyway.   Now we simply log
   the error and exit. [ISC-Bugs #21093]
 
+- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
+  previously allocated (active) lease to a client that has changed subnets,
+  despite being on different shared networks.  Dynamic prefixes specifically
+  allocated in shared networks also now are not offered if the client has
+  moved.  [ISC-Bugs #21152]
+
 			Changes since 4.2.0a2
 
 - Update the fsync code to work with the changes to the DDNS code.  It now
diff --git a/server/dhcpv6.c b/server/dhcpv6.c
index cc69e1550..7d6129df7 100644
--- a/server/dhcpv6.c
+++ b/server/dhcpv6.c
@@ -2760,9 +2760,18 @@ find_client_address(struct reply_state *reply) {
 
 	if (reply->old_ia != NULL)  {
 		for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
+			struct shared_network *candidate_shared;
+
 			lease = reply->old_ia->iasubopt[i];
+			candidate_shared = lease->ipv6_pool->shared_network;
 
-			best_lease = lease_compare(lease, best_lease);
+			/*
+			 * Look for the best lease on the client's shared
+			 * network.
+			 */
+			if (candidate_shared == reply->shared) {
+				best_lease = lease_compare(lease, best_lease);
+			}
 		}
 	}
 
@@ -3746,10 +3755,21 @@ find_client_prefix(struct reply_state *reply) {
 
 	if (reply->old_ia != NULL)  {
 		for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
+			struct shared_network *candidate_shared;
+
 			prefix = reply->old_ia->iasubopt[i];
+			candidate_shared = prefix->ipv6_pool->shared_network;
 
-			best_prefix = prefix_compare(reply, prefix,
-						     best_prefix);
+			/*
+			 * Consider this prefix if it is in a global pool or
+			 * if it is scoped in a pool under the client's shared
+			 * network.
+			 */
+			if (candidate_shared == NULL ||
+			    candidate_shared == reply->shared) {
+				best_prefix = prefix_compare(reply, prefix,
+							     best_prefix);
+			}
 		}
 	}