search

rlaager / docsis

This program encodes a DOCSIS binary configuration file from a human-readable text configuration file.
http://docsis.sourceforge.net
GNU General Public License v2.0
114 stars 70 forks source link

docsis20_stresstest Test Failure #52

Open rlaager opened 8 years ago

rlaager commented 8 years ago

The docsis20_stresstest is the only test failing for me at the moment.

Debugging with this:

diff --git a/examples/Makefile.am b/examples/Makefile.am
index 9fa000f..2802883 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -46,6 +46,7 @@ EXTRA_DIST = $(examples_DATA)
            rm -f $@.1.txt $@.2.txt ; \
            true ; \
        else \
+           diff -u $@.1.txt $@.2.txt ; \
            rm -f $@ $@.1.txt $@.2.txt ; \
            false ; \
        fi

I get this:

$ make docsis20_stresstest.bin
export MIBDIRS="../mibs:../mibs/iana:../mibs/ietf" ; \
    ../src/docsis -e docsis20_stresstest.cfg ./keyfile docsis20_stresstest.bin | \
    sed -n '/^Final content/,$p' | grep -v "^Final content" > docsis20_stresstest.bin.1.txt ; \
    ../src/docsis -d docsis20_stresstest.bin > docsis20_stresstest.bin.2.txt ; \
    if cmp docsis20_stresstest.bin.1.txt docsis20_stresstest.bin.2.txt && cmp docsis20_stresstest.txt docsis20_stresstest.bin.2.txt ; then \
        rm -f docsis20_stresstest.bin.1.txt docsis20_stresstest.bin.2.txt ; \
        true ; \
    else \
        diff -u docsis20_stresstest.bin.1.txt docsis20_stresstest.bin.2.txt ; \
        rm -f docsis20_stresstest.bin docsis20_stresstest.bin.1.txt docsis20_stresstest.bin.2.txt ; \
        false ; \
    fi
docsis20_stresstest.bin.1.txt docsis20_stresstest.bin.2.txt differ: byte 12732, line 248
--- docsis20_stresstest.bin.1.txt   2016-11-01 14:06:01.279254714 -0500
+++ docsis20_stresstest.bin.2.txt   2016-11-01 14:06:01.407256201 -0500
@@ -245,5 +245,5 @@
        ConcatenationSupport 204;
    }
    GenericTLV TlvCode 220 TlvLength 173 TlvValue 0x900c95015f66b4fb337408b5cc02de90450fb7d34a4c717430e0170b87356c641a42448297e9ccb76d5b7bbd601ba2fa7703ce3dd4ae038a4f67a5b733d8f1226a452d46950309e0e5a3a70a79ee593858d4d09b8437ab4577149afdccbab17d54a6a84cef9dd57be0c21e5664c2c3bc53836a2f84358cfae1f753a71c6263fc5609458b27728e317e406d6bcae820613d2ec5134b85a4e6ee10b34ec72f2b08663538d4c5cb17cf87e321041d;
-   GenericTLV TlvCode 153 TlvLength 77 TlvValue 0xef12017f0610cedde9cd7a34f366e172cf12f86bb52307104ba4e296c6f9aef93b83ae0dc5a2877cff000000000000000000000000000000000000000000000000000000000000000000000000;
+   GenericTLV TlvCode 153 TlvLength 77 TlvValue 0xef12017f0610cedde9cd7a34f366e172cf12f86bb52307104ba4e296c6f9aef93b83ae0dc5a2877cff0020020000000000006101000000000000c8fc7957027f0000c8fc7957027f0000400200;
 }
rlaager commented 8 years ago

@AdrianSimionov do you have any ideas here? Note that one ends with all zeros, and the other doesn't. Could this be some buffer not being zeroed before use?

AdrianSimionov commented 8 years ago

The problem is:

SnmpMibObject enterprises.1.2.3.4 String "aaaaaaaaabbbaaaaaaaaaaaaaabcdefghijklmnoprstuvwzabcdefghijklmnoprstuvwyzabcdefghijklmnoprstxxxxxxxaaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaxaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

If you remove exactly one character, the test will pass. I think someone put just one extra character to make this test fail on purpose.

The GenericTLVs being different is just a side effect as the tool does not recognise anymore the format and translates everything to GenericTLVs.

rlaager commented 8 years ago

The off-by-one thing makes me even more concerned that we have a buffer problem somewhere. We need to find and fix this one.

AdrianSimionov commented 8 years ago

I will look more into it, I have the feeling there is a buffer overflow somewhere. It might as well be in net-snmp library.