OpenWrt DHCP Server https://git.openwrt.org/project/odhcpd/atom?h=master 2026-03-16T17:50:03Z 2026-03-16T17:50:03Z Eric Fahlgren 2026-03-11T14:10:27Z urn:sha1:160e5fa3957cfd9d89f8ff7493f28a8baaf6ced7 From https://www.rfc-editor.org/rfc/rfc8106#section-5.2 regarding the DNSSL field: Because the size of this field MUST be a multiple of 8 octets, for the minimum multiple including the domain name representations, the remaining octets other than the encoding parts of the domain name representations MUST be padded with zeros. The current code leaves the trailing octets in uninitialized state, resulting in parsing errors on (at least) systemd RA clients. This commit restores the explicit zeroing of the trailing octets. Closes: https://github.com/openwrt/openwrt/issues/22351 Fixes: 0a54ce0d2b57 ("odhcpd: rename iface->search -> iface->dns_search") Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> Link: https://github.com/openwrt/odhcpd/pull/386 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> 2026-03-16T17:47:36Z Mark H. Spatz 2026-03-01T00:22:24Z urn:sha1:2a316dbfd798abf57b1b8ee5bc27de7e36ff1a25 When DHCPV4_SUPPORT is not defined, a stub implementation of dhcpv4_free_lease() is provided that logs an error when it's called. A couple sites in config.c unconditionally free the dhcpv4_lease field of struct lease_cfg, causing log spam like: | Trying to free IPv4 assignment 0x(nil) Silence by making the stub a noop if the argument is NULL, just like the actual implementation. Closes: https://github.com/openwrt/odhcpd/issues/382 Signed-off-by: Mark H. Spatz <mark.h.spatz@gmail.com> Link: https://github.com/openwrt/odhcpd/pull/384 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> 2026-03-16T17:46:15Z Mark H. Spatz 2026-02-28T19:08:34Z urn:sha1:b960d4cbe27b7efa0b8681e1fb486c99d002a647 The assigned_subnet_id field in struct dhcpv6_lease is uint32_t, not uint16_t. Unlikely to matter in practice, since the number of meaningful bits in the field is (assignment size) - (interface assignemt size), so largest typically be 64 - 48 = 16. But it is possible to assign a /32 to an interface in openwrt. Signed-off-by: Mark H. Spatz <mark.h.spatz@gmail.com> Link: https://github.com/openwrt/odhcpd/pull/383 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> 2026-03-16T17:33:48Z Mark H. Spatz 2026-03-04T16:33:54Z urn:sha1:4e26e13613359766051467b97cfdf2c19e1465b1 dhcpv4_free_lease() unconditionally calls avl_delete() to remove the lease from the avl tree at lease->iface->dhcpv4_leases. This corrupts the tree if the lease is not in it, which happens if dhcpv4_assign() returns false during address reassignment (line ~611) or assignment (line ~630). The check for (lease->iface == NULL) before avl_delete() does not guard against this and is not necessary, because lease->iface is populated by dhcpv4_alloc_lease() and never cleared. Fix by explicitly checking that the lease is in the tree before deleting it. Fixes: aa6870b ("dhcpv4: use an AVL to store leases") Signed-off-by: Mark H. Spatz <mark.h.spatz@gmail.com> Link: https://github.com/openwrt/odhcpd/pull/381 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> 2026-03-16T17:33:44Z Mark H. Spatz 2026-02-18T16:41:47Z urn:sha1:ea5af5bffa2d84df764572d32711fa335fb3c5ef dhcpv4_free_lease already calls avl_delete() on the node it's freeing, and thus shouldn't be called inside an avl_remove_all_elements() loop. Use avl_for_each_element_safe() instead. Its documentation says: "This loop can be used if the current element might be removed from the tree during the loop." Closes: https://github.com/openwrt/odhcpd/issues/371 Signed-off-by: Mark H. Spatz <mark.h.spatz@gmail.com> Link: https://github.com/openwrt/odhcpd/pull/381 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> 2026-03-12T22:26:23Z Alexander Couzens 2026-02-06T13:15:03Z urn:sha1:13cec018c0d9bd452f4cb5e583c52fdf206cdc31 snprintf() returns also in the failure case how many characters would have been required to print the full string. Check return of snprintf() and ensure the log_ctxt->buf_idx never points outside of the given log_ctxt->buf. Fixes: TOB-OWRT-5 Reported-by: Trail of Bits Signed-off-by: Alexander Couzens <lynxis@fe80.eu> 2026-01-19T18:56:28Z Paul Donald 2026-01-19T00:07:44Z urn:sha1:13ef483716a504378b223d668c2482c93a804336 Logging in dhcpv4_handle_msg() was changed from debug to error during code refactor. Signed-off-by: Paul Donald <newtwen+github@gmail.com> Link: https://github.com/openwrt/odhcpd/pull/375 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> 2026-01-10T09:45:22Z Paul Donald 2025-12-30T15:13:29Z urn:sha1:3cbbea830ddd1d9e55a5ba77b49bacbac0257685 Sockets are handled for most usage paths, except for shutdown. Handle those at shutdown. Signed-off-by: Paul Donald <newtwen+github@gmail.com> Link: https://github.com/openwrt/odhcpd/pull/367 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> 2025-12-22T16:52:18Z Paul Donald 2025-12-22T13:44:58Z urn:sha1:9857adb8ac999742836e5c30e75da9aad34a4ba9 Rewrite core logic using switch cases for clarity and improved performance. This also simplifies the DHCPV6_MSG_REBIND cases: DHCPV6_MSG_REBIND and !a is parsed in the switch DHCPV6_MSG_REBIND and a is now parsed after the switch (5 lines) Signed-off-by: Paul Donald <newtwen+github@gmail.com> https://github.com/openwrt/odhcpd/pull/360 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> 2025-12-22T10:11:42Z Paul Donald 2025-12-19T02:26:11Z urn:sha1:5a13d875ac71d52a221515a30d21916ed4976126 so the number 4 isn't so mysterious at first glance. Signed-off-by: Paul Donald <newtwen+github@gmail.com> Link: https://github.com/openwrt/odhcpd/pull/363 Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>