New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
4.0.x - DHCP v4 encoder loops forever if given a string option > 255 octets #2601
Comments
RFC 2131 says:
We should just chop up the "too long" inputs into multiple options. The RADIUS encoder does the same thing for some attributes. |
OK, thanks for the RFC pointer. No urgency whatsoever of course. |
I don't see it looping forever in a test case, so I'm not sure what's wrong there. I'll push a fix to split the option automatically |
You can reproduce it with dhcpclient, e.g. with a 256 octets-long option:
|
"0" is a valid return value from encode_option, which means that it couldn't do anything
The issue here I think is "256", and not "300". :( It loops forever if I've pushed a fix so it doesn't loop forever. The larger fix of splitting data across multiple options will take more time. |
this currently only works for RFC attributes. A fix for TLVs is the next step
The fixes above should work. I've added the example to the test cases |
Thanks for the fixes. I tried with an option 82 larger than 255 bytes. Encoding seems to work, but Wireshark is not happy ("no room left in option for suboption value"). But maybe it's just too dumb to decode such long options... My DHCP server returns an option 82 with a length of 0. However, FreeRADIUS cannot decode the reply: fr_dhcpv4_packet_decode fails. Seems it doesn't like an option with a length of 0. |
A sub-option (82.n) of 253 octets is encoded in two options: one of length 0, and the other of length 255 (containing the sub-option of 253 octets). |
Thanks for these last fixes, it seems ok now. Wireshark is still unhappy when a long sub-option is split across two options, but RFC 3396 clearly states how long options should be handled and I believe FreeRADIUS is now compliant :) (unless there's another RFC that says something different about sub-options...) |
Thanks for the review and update. |
Issue type
Defect
Calling DHCP v4 encoder function (fr_dhcpv4_packet_encode) with a value pair containing a value (string or octets) too long for a DHCP option (> 255) makes it loop forever.
Function encode_rfc_hdr calls encode_value, which returns -1 if there is not enough space.
Then it tries again. But there will never be enough space in 255 octets, so it loops forever.
Proposed fix:
Have function fr_dhcpv4_encode_option check the length of the value pair it has to encode to DHCP options. If it exceeds 255, return an error.
The text was updated successfully, but these errors were encountered: