-
Notifications
You must be signed in to change notification settings - Fork 437
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added PXE DHCP options #559
base: main
Are you sure you want to change the base?
Conversation
e41c8ec
to
7064337
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR! Code looks good.
The DHCP fuzzer (#562) found a few issues though.
- Out of bounds at line 215 if option data length is 0.
- emit panics at line 306, maybe something wrong in
buffer_len
.
Could you fix them, and then run the fuzzer yourself to check there are no more? If you get the fuzzer to run for 10-15min without finding anything it should be good to go.
@@ -166,13 +362,39 @@ impl<'a> DhcpOption<'a> { | |||
} | |||
_ => { | |||
skip_length = self.buffer_len(); | |||
|
|||
assert!(skip_length <= buffer.len()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@whitequark @Dirbaio I have a problem I can't return an error in this function, so in the case someone puts an 'Other' option with a very large payload into the function and the supplied buffer is smaller, then this function panics. I don't want to silently return and ignore the option either. But the fuzzer will find this crash and stop there. What I did now is insert an assert so the panic is easier to reason about
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's OK for emit
to panic if the supplied buffer len is not exactly equal to the length provided by buffer_len
.It's the caller's responsibility to ensure that.
I guess it's either a bug in the fuzzer (but from a quick look it looks OK to me) or a mismatch in the length you return from buffer_len
and the length you require in emit
...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Dirbaio Ah alright yeah the Repr returns the incorrect size and the fuzzer allocates exactly that size, I see! As I'm looking into it that bug already existed beforehand
If someone wants to open up a new reworked pull request go ahead :-) I sadly won't be able to work on this for at least a couple of months sadly |
I added three new DHCP options for PXE boot defined in this RFC4578
Appropriate tests have been added too. I also added two option fields vendor id and time offset from RFC2132