diff options
author | Sean Karlage <skarlage@fb.com> | 2018-09-29 11:44:09 -0700 |
---|---|---|
committer | insomniac <insomniacslk@users.noreply.github.com> | 2018-09-29 21:11:03 +0100 |
commit | 82aa6a6cc8ea2b0a7961383b3248ba4bad6a14f5 (patch) | |
tree | d350acd4ef0c279d11ae37f2191e6016d057da79 | |
parent | 705562ea82b711f372f75ad325d180372ae2ac40 (diff) |
BSDP: Fix parsing offset for boot image lists
While parsing boot images, the current code reads to the end of the data
stream; however, this could lead to reading past the boot image option
and reading into the next option. Instead, contain how far the option
parsing code reads by only looking at the max length specified in the
option.
-rw-r--r-- | dhcpv4/bsdp/bsdp_option_boot_image_list.go | 2 | ||||
-rw-r--r-- | dhcpv4/bsdp/bsdp_option_boot_image_list_test.go | 21 | ||||
-rw-r--r-- | dhcpv4/bsdp/option_vendor_specific_information_test.go | 53 |
3 files changed, 74 insertions, 2 deletions
diff --git a/dhcpv4/bsdp/bsdp_option_boot_image_list.go b/dhcpv4/bsdp/bsdp_option_boot_image_list.go index 04eb7cd..6417221 100644 --- a/dhcpv4/bsdp/bsdp_option_boot_image_list.go +++ b/dhcpv4/bsdp/bsdp_option_boot_image_list.go @@ -34,7 +34,7 @@ func ParseOptBootImageList(data []byte) (*OptBootImageList, error) { var bootImages []BootImage idx := 2 for { - if idx >= len(data) { + if idx >= length+2 { break } image, err := BootImageFromBytes(data[idx:]) diff --git a/dhcpv4/bsdp/bsdp_option_boot_image_list_test.go b/dhcpv4/bsdp/bsdp_option_boot_image_list_test.go index 42bf91c..d2784ae 100644 --- a/dhcpv4/bsdp/bsdp_option_boot_image_list_test.go +++ b/dhcpv4/bsdp/bsdp_option_boot_image_list_test.go @@ -101,13 +101,32 @@ func TestParseOptBootImageList(t *testing.T) { 0x1, 0x0, 0x03, 0xe9, // ID 4, // name length 'b', 's', 'd', 'p', '-', '1', - // boot image 1 + // boot image 2 0x80, 0x0, 0x23, 0x31, // ID 6, // name length 'b', 's', 'd', 'p', '-', '2', } _, err = ParseOptBootImageList(data) require.Error(t, err, "should get error from bad boot image") + + // Should not get error parsing boot image with excess length. + data = []byte{ + 9, // code + 22, // length + // boot image 1 + 0x1, 0x0, 0x03, 0xe9, // ID + 6, // name length + 'b', 's', 'd', 'p', '-', '1', + // boot image 2 + 0x80, 0x0, 0x23, 0x31, // ID + 6, // name length + 'b', 's', 'd', 'p', '-', '2', + + // Simulate another option after boot image list + 7, 4, 0x80, 0x0, 0x23, 0x32, + } + _, err = ParseOptBootImageList(data) + require.NoError(t, err, "should not get error from options after boot image list") } func TestOptBootImageListString(t *testing.T) { diff --git a/dhcpv4/bsdp/option_vendor_specific_information_test.go b/dhcpv4/bsdp/option_vendor_specific_information_test.go index 5e7689d..8a4368f 100644 --- a/dhcpv4/bsdp/option_vendor_specific_information_test.go +++ b/dhcpv4/bsdp/option_vendor_specific_information_test.go @@ -82,6 +82,59 @@ func TestParseOptVendorSpecificInformation(t *testing.T) { } o, err = ParseOptVendorSpecificInformation(data) require.Error(t, err) + + // Boot images + default. + data = []byte{ + 43, // code + 7, // length + 1, 1, 1, // List option + 2, 2, 1, 1, // Version option + 5, 2, 1, 1, // Reply port option + + // Boot image list + 9, 22, + 0x1, 0x0, 0x03, 0xe9, // ID + 6, // name length + 'b', 's', 'd', 'p', '-', '1', + 0x80, 0x0, 0x23, 0x31, // ID + 6, // name length + 'b', 's', 'd', 'p', '-', '2', + + // Default Boot Image ID + 7, 4, 0x1, 0x0, 0x03, 0xe9, + } + o, err = ParseOptVendorSpecificInformation(data) + require.NoError(t, err) + require.Equal(t, 5, len(o.Options)) + for _, opt := range []dhcpv4.OptionCode{ + OptionMessageType, + OptionVersion, + OptionReplyPort, + OptionBootImageList, + OptionDefaultBootImageID, + } { + require.True(t, dhcpv4.HasOption(o, opt)) + } + optBootImage := o.GetOneOption(OptionBootImageList).(*OptBootImageList) + expectedBootImages := []BootImage{ + BootImage{ + ID: BootImageID{ + IsInstall: false, + ImageType: BootImageTypeMacOSX, + Index: 1001, + }, + Name: "bsdp-1", + }, + BootImage{ + ID: BootImageID{ + IsInstall: true, + ImageType: BootImageTypeMacOS9, + Index: 9009, + }, + Name: "bsdp-2", + }, + } + require.Equal(t, expectedBootImages, optBootImage.Images) } func TestOptVendorSpecificInformationString(t *testing.T) { |