From 0f15ed5545b143ced64cc1a99abbd5c1cbdfd729 Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sat, 22 Mar 2025 10:53:34 +0100
Subject: [PATCH] DHCP: Fix printing IP address pairs options

'p' is used by the options Policy Filter (21) and Static Route (33).
They have a minimum length of 8 and the length MUST be a multiple of 8.
Check that.

Add a test file for option 33 (lengths: 8, 16, 24, 3, 0), build with
scapy.

(cherry picked from commit a4508ee9abc27eb8e08191a206fb57edd8996273)
---
 print-bootp.c             |   8 +++++
 tests/TESTLIST            |   1 +
 tests/dhcp-option-33.out  |  60 ++++++++++++++++++++++++++++++++++++++
 tests/dhcp-option-33.pcap | Bin 0 -> 1655 bytes
 4 files changed, 69 insertions(+)
 create mode 100644 tests/dhcp-option-33.out
 create mode 100644 tests/dhcp-option-33.pcap

diff --git a/print-bootp.c b/print-bootp.c
index 10f4280c..10048b4e 100644
--- a/print-bootp.c
+++ b/print-bootp.c
@@ -703,6 +703,14 @@ rfc1048_print(netdissect_options *ndo,
 
 		case 'p':
 			/* IP address pairs */
+			/* this option should be N x 8 bytes long */
+			if (len < 8 || len % 8 != 0) {
+				ND_PRINT("%s[length != N x 8 bytes]",
+					 len == 0 ? " " : "");
+				bp += len;
+				len = 0;
+				break;
+			}
 			while (len >= 2*4) {
 				if (!first)
 					ND_PRINT(",");
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 827aeba2..b5dd42c2 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -451,6 +451,7 @@ dhcp-rfc3004	dhcp-rfc3004.pcap	dhcp-rfc3004-v.out	-v
 dhcp-rfc4388	dhcp-rfc4388.pcap	dhcp-rfc4388.out	-v
 dhcp-rfc5859	dhcp-rfc5859.pcap	dhcp-rfc5859-v.out	-v
 dhcp-mud	dhcp-mud.pcap		dhcp-mud.out	-vv
+dhcp-option-33	dhcp-option-33.pcap	dhcp-option-33.out	-vvv
 
 # VXLAN tests
 vxlan  vxlan.pcap  vxlan.out -e
diff --git a/tests/dhcp-option-33.out b/tests/dhcp-option-33.out
new file mode 100644
index 00000000..cd772e79
--- /dev/null
+++ b/tests/dhcp-option-33.out
@@ -0,0 +1,60 @@
+    1  2025-03-22 09:05:13.138257 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 294)
+    192.168.1.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 266, xid 0x12345678, Flags [none] (0x0000)
+	  Your-IP 192.168.1.100
+	  Server-IP 192.168.1.1
+	  Client-Ethernet-Address 00:11:22:33:44:55
+	  Vendor-rfc1048 Extensions
+	    Magic Cookie 0x63825363
+	    DHCP-Message (53), length 1: Offer
+	    Server-ID (54), length 4: 192.168.1.1
+	    Lease-Time (51), length 4: 86400
+	    Static-Route (33), length 8: (10.0.0.1:10.0.0.2)
+	    END (255), length 0
+    2  2025-03-22 09:05:13.141437 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 302)
+    192.168.1.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 274, xid 0x12345678, Flags [none] (0x0000)
+	  Your-IP 192.168.1.100
+	  Server-IP 192.168.1.1
+	  Client-Ethernet-Address 00:11:22:33:44:55
+	  Vendor-rfc1048 Extensions
+	    Magic Cookie 0x63825363
+	    DHCP-Message (53), length 1: Offer
+	    Server-ID (54), length 4: 192.168.1.1
+	    Lease-Time (51), length 4: 86400
+	    Static-Route (33), length 16: (10.0.0.1:10.0.0.2),(10.0.0.3:10.0.0.4)
+	    END (255), length 0
+    3  2025-03-22 09:05:13.144047 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 310)
+    192.168.1.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 282, xid 0x12345678, Flags [none] (0x0000)
+	  Your-IP 192.168.1.100
+	  Server-IP 192.168.1.1
+	  Client-Ethernet-Address 00:11:22:33:44:55
+	  Vendor-rfc1048 Extensions
+	    Magic Cookie 0x63825363
+	    DHCP-Message (53), length 1: Offer
+	    Server-ID (54), length 4: 192.168.1.1
+	    Lease-Time (51), length 4: 86400
+	    Static-Route (33), length 24: (10.0.0.1:10.0.0.2),(10.0.0.3:10.0.0.4),(10.0.0.5:10.0.0.6)
+	    END (255), length 0
+    4  2025-03-22 09:05:13.146056 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 289)
+    192.168.1.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 261, xid 0x12345678, Flags [none] (0x0000)
+	  Your-IP 192.168.1.100
+	  Server-IP 192.168.1.1
+	  Client-Ethernet-Address 00:11:22:33:44:55
+	  Vendor-rfc1048 Extensions
+	    Magic Cookie 0x63825363
+	    DHCP-Message (53), length 1: Offer
+	    Server-ID (54), length 4: 192.168.1.1
+	    Lease-Time (51), length 4: 86400
+	    Static-Route (33), length 3: [length != N x 8 bytes]
+	    END (255), length 0
+    5  2025-03-22 09:05:13.148070 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 286)
+    192.168.1.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 258, xid 0x12345678, Flags [none] (0x0000)
+	  Your-IP 192.168.1.100
+	  Server-IP 192.168.1.1
+	  Client-Ethernet-Address 00:11:22:33:44:55
+	  Vendor-rfc1048 Extensions
+	    Magic Cookie 0x63825363
+	    DHCP-Message (53), length 1: Offer
+	    Server-ID (54), length 4: 192.168.1.1
+	    Lease-Time (51), length 4: 86400
+	    Static-Route (33), length 0 [length != N x 8 bytes]
+	    END (255), length 0
diff --git a/tests/dhcp-option-33.pcap b/tests/dhcp-option-33.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..9f82bfa58536d4e11572fbf76187bee6572fea76
GIT binary patch
literal 1655
zcmca|c+)~A1{MYw`2U}Qff2~@ti6{mD8s~H0_1@3e=uNRWMXDv<zR4SU{nJsa}eAi
zdte14BS@0LnZbooXfrDlBO8N|NmvEUM4)^MNDY`TsATLC3X>W7baGR0vMD2z84JjR
z#w-ksfenfrT)+?nVy6F~Fs#*JVz2@F9fUE$P!Af0q9|b~wfNyk4?_W17y@Z#AZ7uF
z<$5C~U=m{hV~nsggN7w9N?0mQ*gMk0QUX0JfqYgVW&?+5hZPfpJ}^u{7$Zy-p<$|o
s5~jR+#YcLWg3=^7_|lx17<7O^2f`S^CkG8aRg~c4+NU|vgOA}q0Iipmj{pDw

literal 0
HcmV?d00001

-- 
2.39.5