check for request for authentication server allows bypassing?

Peter Warasin peter at
Tue Aug 5 17:34:02 UTC 2008

Hi guys

I found out that coovachilli allows access to the whole uamlisten ip 
address whether the user is authenticated or not.

In my case there is a squid running on the same host, which then allows 
people to bypass the hotspot by manually configure their browsers in 
order to use that proxy.

This is due to some lines commented out in dhcp.c:1936, which makes the 
check whether it is a request for the auth server or not less specific.

------------------------- snip ----------------------------------
   /* Was it a request for authentication server? */
   for (i = 0; i<this->authiplen; i++) {
     if ((pack->iph.daddr == this->authip[i].s_addr) /* &&
	(pack->iph.protocol == PKT_IP_PROTO_TCP) &&
	((tcph->dst == htons(DHCP_HTTP)) ||
	(tcph->dst == htons(DHCP_HTTPS)))*/)
       return 0; /* Destination was authentication server */
------------------------- snap ----------------------------------

I would like to ask why these lines are commented out and if it is safe 
to remove the comment and bring them back in? That would close the hole.

I tested with the correct check (lines not commented out), which is 
working fine for me (dhcp and anyip). uamallow is also working fine.

So I am wondering if there is some reason, something I am missing, why 
this check has been made less specific.

I attach a patch which removes the comment, for the case that there is 
no reason for disabling that lines.

kind regards


:: e n d i a n
:: open source - open minds

:: peter warasin
::   :: peter at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: close_access_to_host.patch
Type: text/x-diff
Size: 1033 bytes
Desc: not available
URL: <>

More information about the Chilli mailing list