openwrt / odhcpd

This repository is a mirror of https://git.openwrt.org/?p=project/odhcpd.git. Pull requests will be accepted which will be merged in odhcpd.git
GNU General Public License v2.0

odhcpd segfault when processing INFORM packet #188

Closed robekl closed 1 year ago

robekl commented 1 year ago

Multiple machines on the network are publishing a DHCP INFORM message, and odhcpd segfaults with the following from the kernel:

Thu Oct 13 17:52:09 2022 kern.info kernel: [74108.113405] odhcpd[12489]: segfault at 1e8 ip 000055de8b31dea5 sp 00007fffaf7c67b0 error 4 in odhcpd[55de8b310000+f000]
Thu Oct 13 17:52:09 2022 kern.info kernel: [74108.113865] Code: 00 b9 04 00 00 00 eb 15 c1 e1 02 4d 8b 86 b0 02 00 00 48 8d b4 24 88 00 00 00 0f b6 c9 ba 06 00 00 00 4c 89 e7 e8 68 e6 ff ff <48> 83 bd e8 01 00 00 00 75 3e 45 31 c0 31 c9 ba ff 00 00 00 4c 89

With loglevel=7, I see:

Thu Oct 13 17:52:09 2022 daemon.info odhcpd[12489]: Received DHCPV4_MSG_INFORM from a8:7e:ea:6d:0e:b1 on main

Message contents:

robekl commented 1 year ago

I was able to reproduce the segfault with a simple message using the CyberShadow dhcptest tool.

./dhcptest --option "53[u8]=8"

d

Output:

Sending packet:
  op=BOOTREQUEST chaddr=DA:CB:BA:C3:03:6C hops=0 xid=EDF578BE secs=0 flags=8000
  ciaddr=0.0.0.0 yiaddr=0.0.0.0 siaddr=0.0.0.0 giaddr=0.0.0.0 sname= file=
  1 options:
     53 (DHCP Message Type): inform

robekl commented 1 year ago

Fix here: https://github.com/openwrt/odhcpd/pull/189

I don't know if it's the right fix, but it prevents the segfault for INFORM messages.

ukleinek commented 1 year ago

As https://github.com/openwrt/odhcpd/pull/189 is merged, this issue can be closed.
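
A triage sketch for the kernel segfault line quoted in the first comment, added here as an example and not part of the issue or of odhcpd's code. It decodes the x86 page-fault error code, computes the instruction pointer's offset into the odhcpd mapping, and checks whether the fault address appears as a displacement in the faulting instruction; the function names and the 4 KiB page size are assumptions.

```python
import re

# Both samples are copied from the kernel log in the report (syslog prefix dropped;
# CODE keeps only the bytes from the <..> marker, which sits at the faulting ip).
SEGV = ("odhcpd[12489]: segfault at 1e8 ip 000055de8b31dea5 "
        "sp 00007fffaf7c67b0 error 4 in odhcpd[55de8b310000+f000]")
CODE = "Code: <48> 83 bd e8 01 00 00 00 75 3e 45 31 c0 31 c9 ba ff 00 00 00 4c 89"

SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")
PAGE_SIZE = 4096  # assumption: 4 KiB pages; a fault below this is "near NULL"

def faulting_bytes(code_line, n=8):
    """First n opcode bytes at the faulting ip, or b"" if no <..> marker."""
    toks = code_line.split()
    start = next((i for i, t in enumerate(toks) if t.startswith("<")), None)
    if start is None:
        return b""
    return bytes(int(t.strip("<>"), 16) for t in toks[start:start + n])

def triage(segv_line, code_line=""):
    m = SEGV_RE.search(segv_line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    r = {
        "comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
        # x86 page-fault error code: bit 0 set = protection fault (clear = page
        # not present), bit 1 = write, bit 2 = user mode, bit 4 = instruction fetch
        "not_present": not err & 1,
        "access": "exec" if err & 16 else "write" if err & 2 else "read",
        "user_mode": bool(err & 4),
        "near_null": addr < PAGE_SIZE,
        "map_offset": None,
        # Heuristic: the fault address appearing as a 32-bit displacement in the
        # faulting instruction means the base register held 0, i.e. a field was
        # read at that offset through a NULL struct pointer.
        "addr_is_displacement":
            addr < 2**32 and addr.to_bytes(4, "little") in faulting_bytes(code_line),
    }
    if m["base"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:
            # Offset into the executable mapping; add that mapping's file offset
            # (readelf -lW) before passing it to addr2line or objdump.
            r["map_offset"] = ip - base
    return r
```

For the log above, `triage(SEGV, CODE)` reports a user-mode read of a not-present page at 0x1e8, at offset 0xdea5 into the mapping, with the fault address matching the displacement of the faulting instruction.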