From: Marcin Siodelski Date: Tue, 11 Dec 2018 17:13:14 +0000 (+0100) Subject: [#337,!167] Guard against expiration time lower than valid lifetime. X-Git-Tag: 343-put-socket-control-buffer-in-the-stack_base~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3fcdc28814310ac93b3903897e952b3b60cfa0bc;p=thirdparty%2Fkea.git [#337,!167] Guard against expiration time lower than valid lifetime. --- diff --git a/src/hooks/dhcp/lease_cmds/lease_parser.cc b/src/hooks/dhcp/lease_cmds/lease_parser.cc index e7dd3cbdee..24b252ba2d 100644 --- a/src/hooks/dhcp/lease_cmds/lease_parser.cc +++ b/src/hooks/dhcp/lease_cmds/lease_parser.cc @@ -99,6 +99,10 @@ Lease4Parser::parse(ConstSrvConfigPtr& cfg, if (expire_time <= 0) { isc_throw(BadValue , "expiration time must be positive for address " << addr); + + } else if (expire_time < valid_lft) { + isc_throw(BadValue, "expiration time must be greater than valid lifetime" + " for address " << addr); } cltt = static_cast(expire_time - valid_lft); } else { @@ -290,7 +294,12 @@ Lease6Parser::parse(ConstSrvConfigPtr& cfg, if (expire_time <= 0) { isc_throw(BadValue , "expiration time must be positive for address " << addr); + + } else if (expire_time < valid_lft) { + isc_throw(BadValue, "expiration time must be greater than valid lifetime" + " for address " << addr); } + cltt = static_cast(expire_time - valid_lft); } else { cltt = time(NULL); diff --git a/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.cc b/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.cc index 3fbb1e22e2..6c6cdd6e39 100644 --- a/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.cc +++ b/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.cc @@ -800,6 +800,35 @@ TEST_F(LeaseCmdsTest, Lease4AddNegativeExpireTime) { ASSERT_FALSE(l); } +// Check that the lease with negative cltt is rejected. +TEST_F(LeaseCmdsTest, Lease4AddNegativeCltt) { + + // Initialize lease manager (false = v4, false = don't add leases) + initLeaseMgr(false, false); + + // Check that the lease manager pointer is there. + ASSERT_TRUE(lmptr_); + + // Add a lease with negative cltt (expiration time - valid lifetime) + string txt = + "{\n" + " \"command\": \"lease4-add\",\n" + " \"arguments\": {" + " \"ip-address\": \"192.0.2.202\",\n" + " \"hw-address\": \"1a:1b:1c:1d:1e:1f\",\n" + " \"expire\": 123456,\n" + " \"valid-lft\": 123457" + " }\n" + "}"; + string exp_rsp = "expiration time must be greater than valid lifetime for " + "address 192.0.2.202"; + testCommand(txt, CONTROL_RESULT_ERROR, exp_rsp); + + // Now check that the lease was not added. + Lease4Ptr l = lmptr_->getLease4(IOAddress("192.0.2.202")); + ASSERT_FALSE(l); +} + // Check that a well formed lease4 with tons of parameters can be added. TEST_F(LeaseCmdsTest, Lease4AddFull) { @@ -1077,6 +1106,24 @@ TEST_F(LeaseCmdsTest, Lease6AddBadParams) { exp_rsp = "expiration time must be positive for address 2001:db8:1::1"; testCommand(txt, CONTROL_RESULT_ERROR, exp_rsp); + // Negative cltt + txt = + "{\n" + " \"command\": \"lease6-add\",\n" + " \"arguments\": {" + " \"subnet-id\": 66,\n" + " \"ip-address\": \"2001:db8:1::1\",\n" + " \"duid\": \"1a:1b:1c:1d:1e:1f\",\n" + " \"iaid\": 1234\n," + " \"user-context\": { \"comment\": \"in user context\" },\n" + " \"expire\": 123456,\n" + " \"valid-lft\": 123457" + " }\n" + "}"; + exp_rsp = "expiration time must be greater than valid lifetime for address " + "2001:db8:1::1"; + testCommand(txt, CONTROL_RESULT_ERROR, exp_rsp); + } // Check that a simple, well formed lease6 can be added.