[lwip-devel] [bug #54805] IP address can not be obtained over dhcp if PB

lwip-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #54805] IP address can not be obtained over dhcp if PB

From:	Christoph Chang
Subject:	[lwip-devel] [bug #54805] IP address can not be obtained over dhcp if PBUF_POOL_BUFSIZE is too small
Date:	Mon, 8 Oct 2018 10:08:47 -0400 (EDT)
User-agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0

URL:
  <https://savannah.nongnu.org/bugs/?54805>

                 Summary: IP address can not be obtained over dhcp if
PBUF_POOL_BUFSIZE is too small
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: christophchang
            Submitted on: Mon 08 Oct 2018 02:08:42 PM UTC
                Category: DHCP
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: 2.0.3

    _______________________________________________________

Details:

Hi,
if the PBUF_POOL_BUFSIZE (project specific) is set to a smaller size than the
minimum dhcp message size and a dhcp message is received with an
DHCP_OPTION_OVERLOAD flag, that is correctly set in the options field (but not
set in the file or sname field), a valid IP address cannot be obtained.

Instead I get the assertion text:
"overload in file/sname" failed at line 1561 ..."
(in \src\core\ipv4\dhcp.c using lwip 2.0.3)
which should prevent an endless loop, in case the DHCP_OPTION_OVERLOAD is set
in the file or sname field:
* dhcp.c: fixed bug #49676 (Possible endless loop when parsing dhcp options)

If PBUF_POOL_BUFSIZE is smaller than a dhcp message or at least the
DHCP_OPTIONS_OFS, in

1491  while ((q != NULL) && (options_idx >= q->len)) {
1492    options_idx -= q->len;
1493    options_idx_max -= q->len;
1494    q = q->next;
1495  }

the options_idx will be corrected to match the offset in the pbuf containing
the option field. In this case 
1561  LWIP_ERROR("overload in file/sname", options_idx == DHCP_OPTIONS_OFS,
return ERR_VAL;);
will always fail, since DHCP_OPTIONS_OFS will never match the relative
options_idx.

(For a possible bugfix see attachment)

Best regards
Christoph



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Mon 08 Oct 2018 02:08:42 PM UTC  Name: dhcp.c.diff  Size: 1KiB   By:
christophchang

<http://savannah.nongnu.org/bugs/download.php?file_id=45164>

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?54805>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-devel] [bug #54805] IP address can not be obtained over dhcp if PBUF_POOL_BUFSIZE is too small, Christoph Chang <=
- [lwip-devel] [bug #54805] IP address can not be obtained over dhcp if PBUF_POOL_BUFSIZE is too small, Dirk Ziegelmeier, 2018/10/19

Prev by Date: [lwip-devel] [patch #9611] tftp client
Next by Date: [lwip-devel] [bug #54806] pppos_input: invalid LWIP_ASSERT_CORE_LOCKED() check
Previous by thread: [lwip-devel] [patch #9611] tftp client
Next by thread: [lwip-devel] [bug #54805] IP address can not be obtained over dhcp if PBUF_POOL_BUFSIZE is too small
Index(es):
- Date
- Thread