Skip to content

[relay]: Prevent Buffer Overrun Of Malformed DHCP Packet#6057

Merged
tahmed-dev merged 3 commits intosonic-net:masterfrom
tahmed-dev:taahme/dhcp-relay-avoid-buffer-overrun
Dec 12, 2020
Merged

[relay]: Prevent Buffer Overrun Of Malformed DHCP Packet#6057
tahmed-dev merged 3 commits intosonic-net:masterfrom
tahmed-dev:taahme/dhcp-relay-avoid-buffer-overrun

Conversation

@tahmed-dev
Copy link
Contributor

@tahmed-dev tahmed-dev commented Nov 29, 2020
edited
Loading

The add/strip relay agent options do not take into account the buffer
length and so it is possible to overrun the buffer. The issue will
result in contents from previous packet being added to the current one.

closes #6052
resolves #6052

signed-off-by: Tamer Ahmed [email protected]

- Why I did it

- How I did it

- How to verify it

- Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@tahmed-dev tahmed-dev force-pushed the taahme/dhcp-relay-avoid-buffer-overrun branch 4 times, most recently from b5dd36c to a589f00 Compare November 29, 2020 03:22
jleveque
jleveque suggested changes Dec 1, 2020
View reviewed changes
@tahmed-dev tahmed-dev force-pushed the taahme/dhcp-relay-avoid-buffer-overrun branch from a589f00 to ed6c731 Compare December 1, 2020 03:00
@tahmed-dev tahmed-dev mentioned this pull request Dec 3, 2020
Closed
@tahmed-dev
[relay]: Prevent Buffer Overrun Of Malformed DHCP Packet
579ac66 
The add/strip relay agent options do not take into account the buffer
length and so it is possible to overrun the buffer. The issue will
result in contents from previous packet being added to the current one.

signed-off-by: Tamer Ahmed <[email protected]>
@tahmed-dev
review comments
5de39ea
@tahmed-dev
rebase with master
513c3a3
@tahmed-dev tahmed-dev force-pushed the taahme/dhcp-relay-avoid-buffer-overrun branch from ed6c731 to 513c3a3 Compare December 10, 2020 17:53
@tahmed-dev tahmed-dev marked this pull request as ready for review December 10, 2020 17:56
@tahmed-dev tahmed-dev requested review from a user and jleveque December 10, 2020 17:56
jleveque
jleveque approved these changes Dec 10, 2020
View reviewed changes
Copy link
Contributor

@jleveque jleveque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Should this patch be upstreamed?

@tahmed-dev
Copy link
Contributor Author

tahmed-dev commented Dec 11, 2020

LGTM. Should this patch be upstreamed?

I guess so. There could be cross packets information leak.

@tahmed-dev tahmed-dev merged commit cbbda09 into sonic-net:master Dec 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@jleveque jleveque jleveque approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DHCP relay forwards incorrect DHCP client packet to DHCP server(in case of DHCP packet without payload)

2 participants

@tahmed-dev @jleveque