From: Stefano Brivio <sbrivio@redhat.com>
To: Enrique Llorente Pastora <ellorent@redhat.com>
Cc: passt-dev@passt.top
Subject: Re: [PATCH v8] dhcp, dhcpv6: Add hostname and client fqdn ops
Date: Tue, 14 Jan 2025 20:32:59 +0100 [thread overview]
Message-ID: <20250114203259.3cd0a190@elisabeth> (raw)
In-Reply-To: <CAHVoYmJPxGHkt=WqU7H59pW0LPN=AjMm7Ov7Vs7poMSeLAfHaA@mail.gmail.com>
On Tue, 14 Jan 2025 15:01:33 +0100
Enrique Llorente Pastora <ellorent@redhat.com> wrote:
> On Sat, Jan 11, 2025 at 12:53 AM Stefano Brivio <sbrivio@redhat.com> wrote:
> >
> > On Fri, 10 Jan 2025 11:26:26 +0100
> > Enrique Llorente <ellorent@redhat.com> wrote:
> >
> > > @@ -162,17 +180,20 @@ static int fill(struct msg *m)
> > > * Put it there explicitly, unless requested via option 55.
> > > */
> > > if (opts[55].clen > 0 && !memchr(opts[55].c, 53, opts[55].clen))
> > > - fill_one(m, 53, &offset);
> > > + offset = fill_one(m, 53, offset);
> >
> > Now suppose that somebody adds a "long" option before this block, or...
> >
> > >
> > > for (i = 0; i < opts[55].clen; i++) {
> > > o = opts[55].c[i];
> > > if (opts[o].slen != -1)
> > > - fill_one(m, o, &offset);
> > > + offset = fill_one(m, o, offset);
> > > }
> >
> > before this one, and fill_one() returns -1. Then...
> >
> > > for (o = 0; o < 255; o++) {
> > > - if (opts[o].slen != -1 && !opts[o].sent)
> > > - fill_one(m, o, &offset);
> > > + if (opts[o].slen != -1 && !opts[o].sent) {
> > > + offset = fill_one(m, o, offset);
> >
> > you use offset as -1 here, and boom. If not, see directly below).
> >
> > > + if (offset == -1)
> >
> > Or maybe the domain name is actually too long, and offset is -1 here...
> >
> > > + debug("DHCP: skipping option %i", o);
> > > + }
> > > }
> > >
> > > m->o[offset++] = 255;
> >
> > ...and boom. This sets the last byte of "magic" (depending on the
> > architecture) to 0xff, making the whole message invalid.
>
> well, I was expecting the only problematic options being at > 55
> (didn't check the standard)
> but I agree that we have to be consistent on handling the fill_in result.
Sure, that's the (reasonable) expectation, but note that you would have
the same problem even with a domain name that's too long for fill_one().
--
Stefano
prev parent reply other threads:[~2025-01-14 19:33 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-10 10:26 [PATCH v8] dhcp, dhcpv6: Add hostname and client fqdn ops Enrique Llorente
2025-01-10 23:52 ` Stefano Brivio
2025-01-14 14:01 ` Enrique Llorente Pastora
2025-01-14 19:32 ` Stefano Brivio [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250114203259.3cd0a190@elisabeth \
--to=sbrivio@redhat.com \
--cc=ellorent@redhat.com \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).