Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

No bounds-checking in processing of DHCP Options

Description

User reports the following messages in dhcpd.log:

I tracked down a copy of the jdhcp-1.1.1 source code and found that the DHCPOptions class' internalize method does no bounds checking.

The jDHCP project looks orphaned; should we consider adopting it and implementing some defensive code here? Or can we handle the exception gracefully on our side?

Environment

See https://mynms.opennms.com/Ticket/Display.html?id=5095

Acceptance / Success Criteria

None

Lucidchart Diagrams

Activity

Show:

Benjamin Reed September 7, 2017 at 2:52 PM

I have forked the original JDHCP code and put it here: https://github.com/OpenNMS/jdhcp

 

JDHCP has been modernized a little bit (still Java 1.5-compatible though) and I added some more explicit bounds-checking to throw an exception with a little more info in it.

 

As far as I can tell you cannot hit this particular exception without it actually being an unparseable, malformed packet.  The structure of the DHCP packet is such that "options" are encoded using a length/offset system, so while parsing through the packet it will say, "the next 20 bytes is option 54".  The error occurs when the next offset for an option goes past the end of the packet.

Fixed

Details

Assignee

Reporter

Labels

Components

Sprint

Fix versions

Affects versions

Priority

PagerDuty

Created June 12, 2017 at 11:41 AM
Updated September 20, 2017 at 3:32 PM
Resolved September 11, 2017 at 3:36 PM