DHCP has a buffer overrun when transmitting the DHCPREQUEST packet #108

Closed
dgnuff opened this issue Apr 9, 2023 · 1 comment · Fixed by #110

dgnuff commented Apr 9, 2023

During initial lease request, DHCPDISCOVER is sent and DHCPOFFER is received and processed correctly, but during the assembly of the DHCPREQUEST packet in send_dhcp_message() the following exception is thrown:

    Traceback (most recent call last):
      File "code.py", line 41, in
      File "libs/socket.py", line 75, in init
      File "/lib/adafruit_wiznet5k/adafruit_wiznet5k.py", line 226, in init
      File "/lib/adafruit_wiznet5k/adafruit_wiznet5k.py", line 253, in set_dhcp
      File "/lib/adafruit_wiznet5k/adafruit_wiznet5k_dhcp.py", line 536, in request_dhcp_lease
      File "/lib/adafruit_wiznet5k/adafruit_wiznet5k_dhcp.py", line 450, in _dhcp_state_machine
      File "/lib/adafruit_wiznet5k/adafruit_wiznet5k_dhcp.py", line 232, in send_dhcp_message
    IndexError: index out of range

Adding some debug prints just above line 232 as follows:

    ...
    _BUFF[254:after_hostname] = self._hostname

    ## Inserted debug
    if self._debug:                     
        print("after_hostname:", after_hostname)
        print("Buffer length:", len(_BUFF))
    ## Inserted debug

    if state == _DHCP_REQUEST and not renew:
    ...

produces the following output:

    after_hostname: 272
    Buffer length: 272

The buffer was initialized to 318 bytes long at line 89, but the clear at line 169 maintains the current length. I can only assume that somewhere in the processing of the DHCPOFFER reply, the buffer gets truncated to 272 bytes, which is then not enough for the DHCPREQUEST we're trying to send.

The fix that I applied was to change line 169 to this:

    _BUFF = bytearray(318)

which does solve the problem. However, rather than submit a pull request, I'd much prefer it if someone more familiar with this code can review the suggested change and make sure that it's not going to break anything else.

dgnuff commented Apr 9, 2023

As an editorial comment, something I was taught 43 years ago makes me want to modify this slightly:

Split line 89 as follows:

    _DHCP_BUFF_LENGTH = const(318)
    _BUFF = bytearray(_DHCP_BUFF_LENGTH)

and duplicate the second of these for what was formerly line 169.

dhalbert added a commit that referenced this issue Apr 19, 2023
Fix for issue #108 - Make sure the buffer is large enough before ever…
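
The failure mode reported in this issue, as an added example in plain Python that is not part of the issue or the library's code: a shared bytearray that has shrunk keeps its shorter length through an in-place clear, the hostname slice write succeeds, and the next indexed write raises `IndexError`, while reallocating at full size avoids it. How the buffer shrinks (`shrink`), the 18-byte hostname and the option byte 50 are assumptions made for the demonstration.

```python
DHCP_BUFF_LENGTH = 318   # initial allocation reported in the issue
HOSTNAME_OFFSET = 254    # hostname offset from the issue's debug snippet
HOSTNAME = b"constructed-host01"   # constructed 18-byte name -> after_hostname == 272


def shrink(buf, new_len):
    """Assumed mechanism: a full-slice assignment with shorter data shrinks the buffer."""
    buf[:] = bytes(new_len)
    return buf


def clear_in_place(buf):
    """Zero the buffer but keep its current (possibly shrunken) length."""
    buf[:] = bytes(len(buf))
    return buf


def clear_realloc():
    """Reallocate at full size, as the issue proposes."""
    return bytearray(DHCP_BUFF_LENGTH)


def write_hostname_then_option(buf):
    """Slice-write the hostname, then index-write one byte directly after it."""
    after_hostname = HOSTNAME_OFFSET + len(HOSTNAME)
    buf[HOSTNAME_OFFSET:after_hostname] = HOSTNAME   # slice write: does not raise
    buf[after_hostname] = 50   # constructed option byte; raises if buffer is too short
    return after_hostname


def demo():
    """Return (length after in-place clear, error seen, offset reached after realloc)."""
    buf = shrink(bytearray(DHCP_BUFF_LENGTH), 272)
    buf = clear_in_place(buf)
    stale_len = len(buf)
    try:
        write_hostname_then_option(buf)
        error = None
    except IndexError as exc:
        error = type(exc).__name__
    reached = write_hostname_then_option(clear_realloc())
    return stale_len, error, reached


if __name__ == "__main__":
    print(demo())
```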