From: Alan T. DeKok <aland@freeradius.org>
Date: Fri, 11 Mar 2022 12:53:57 +0000 (-0500)
Subject: hack up encode_array() to not cross option boundaries
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5fe386f1701be7a42b2c8501dadda3d6e8bc90f;p=thirdparty%2Ffreeradius-server.git

hack up encode_array() to not cross option boundaries

this really needs to be fixed in the decoder
---

diff --git a/src/protocols/dhcpv4/encode.c b/src/protocols/dhcpv4/encode.c
index c7fe4b151ba..50c60d71ada 100644
--- a/src/protocols/dhcpv4/encode.c
+++ b/src/protocols/dhcpv4/encode.c
@@ -188,6 +188,13 @@ static ssize_t encode_array(fr_dbuff_t *dbuff,
 			FR_DBUFF_ADVANCE_RETURN(&element_dbuff, sizeof(uint8_t));	/* Make room for the length field */
 		}
 
+		/*
+		 *	Don't pack too many things in.
+		 *
+		 *	@todo - fix dhcpv4 decode, because the elements can, in fact, cross option boundaries.
+		 */
+		if ((fr_dbuff_used(&work_dbuff) + element_len + len_field) > 255) break;
+
 		slen = encode_value(&element_dbuff, da_stack, depth, cursor, encode_ctx);
 		if (slen < 0) return slen;
 		if (slen > UINT8_MAX) return PAIR_ENCODE_FATAL_ERROR;
diff --git a/src/tests/unit/protocols/dhcpv4/base.txt b/src/tests/unit/protocols/dhcpv4/base.txt
index e3c063c41d3..1ac736d49f6 100644
--- a/src/tests/unit/protocols/dhcpv4/base.txt
+++ b/src/tests/unit/protocols/dhcpv4/base.txt
@@ -34,14 +34,8 @@ match 8a 08 7f 00 00 01 c0 a8 03 01
 # Overflow with multiple fixed length attributes (16x16)
 encode-pair ANDSF-IPv6-Address = fe80::1, ANDSF-IPv6-Address = fe80::2, ANDSF-IPv6-Address = fe80::3, ANDSF-IPv6-Address = fe80::4, ANDSF-IPv6-Address = fe80::5, ANDSF-IPv6-Address = fe80::6, ANDSF-IPv6-Address = fe80::7, ANDSF-IPv6-Address = fe80::8, ANDSF-IPv6-Address = fe80::9, ANDSF-IPv6-Address = fe80::a, ANDSF-IPv6-Address = fe80::b, ANDSF-IPv6-Address = fe80::c, ANDSF-IPv6-Address = fe80::d, ANDSF-IPv6-Address = fe80::e, ANDSF-IPv6-Address = fe80::f, ANDSF-IPv6-Address = fe80::10
 
-#
-#  We now fill each option, instead of splitting on value boundaries.
-#
-match 8f ff fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 01 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 02 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 06 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 07 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 08 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 09 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0a fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0b fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0c fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0d fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0e fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0f fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 01 10
+match 8f f0 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 01 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 02 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 05 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 06 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 07 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 08 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 09 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0a fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0b fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0c fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0d fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0e fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 8f 10 fe 80 00 00 00 00 00 00 00 00 00 00 00 00 00 10
 
-#
-#  The decode routine is broken, as it needs concatenate and then decode, instead of decoding each value in turn.
-#
 decode-pair -
 match ANDSF-IPv6-Address = fe80::1, ANDSF-IPv6-Address = fe80::2, ANDSF-IPv6-Address = fe80::3, ANDSF-IPv6-Address = fe80::4, ANDSF-IPv6-Address = fe80::5, ANDSF-IPv6-Address = fe80::6, ANDSF-IPv6-Address = fe80::7, ANDSF-IPv6-Address = fe80::8, ANDSF-IPv6-Address = fe80::9, ANDSF-IPv6-Address = fe80::a, ANDSF-IPv6-Address = fe80::b, ANDSF-IPv6-Address = fe80::c, ANDSF-IPv6-Address = fe80::d, ANDSF-IPv6-Address = fe80::e, ANDSF-IPv6-Address = fe80::f, ANDSF-IPv6-Address = fe80::10