Skip to content

Commit 7a36b1d

Browse files
danielinuxdanielinux
committed
DHCP client: parsing hardening + added more unit tests
1 parent 85c826b commit 7a36b1d

2 files changed

Lines changed: 386 additions & 37 deletions

File tree

src/test/unit/unit.c

Lines changed: 232 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3993,6 +3993,7 @@ START_TEST(test_dhcp_parse_offer_and_ack)
39933993
ck_assert_ptr_nonnull(primary);
39943994

39953995
memset(&msg, 0, sizeof(msg));
3996+
msg.magic = ee32(DHCP_MAGIC);
39963997
msg.yiaddr = ee32(offer_ip);
39973998
opt = (struct dhcp_option *)msg.options;
39983999
opt->code = DHCP_OPTION_MSG_TYPE;
@@ -4016,13 +4017,14 @@ START_TEST(test_dhcp_parse_offer_and_ack)
40164017
opt->code = DHCP_OPTION_END;
40174018
opt->len = 0;
40184019

4019-
ck_assert_int_eq(dhcp_parse_offer(&s, &msg), 0);
4020+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, sizeof(msg)), 0);
40204021
ck_assert_uint_eq(s.dhcp_ip, offer_ip);
40214022
ck_assert_uint_eq(s.dhcp_server_ip, server_ip);
40224023
ck_assert_uint_eq(primary->mask, mask);
40234024
ck_assert_int_eq(s.dhcp_state, DHCP_REQUEST_SENT);
40244025

40254026
memset(&msg, 0, sizeof(msg));
4027+
msg.magic = ee32(DHCP_MAGIC);
40264028
opt = (struct dhcp_option *)msg.options;
40274029
opt->code = DHCP_OPTION_MSG_TYPE;
40284030
opt->len = 1;
@@ -4066,7 +4068,7 @@ START_TEST(test_dhcp_parse_offer_and_ack)
40664068
opt->code = DHCP_OPTION_END;
40674069
opt->len = 0;
40684070

4069-
ck_assert_int_eq(dhcp_parse_ack(&s, &msg), 0);
4071+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, sizeof(msg)), 0);
40704072
ck_assert_int_eq(s.dhcp_state, DHCP_BOUND);
40714073
ck_assert_uint_eq(primary->ip, offer_ip);
40724074
ck_assert_uint_eq(primary->mask, mask);
@@ -6534,6 +6536,7 @@ START_TEST(test_dhcp_poll_offer_and_ack)
65346536
ts = &s.udpsockets[SOCKET_UNMARK(s.dhcp_udp_sd)];
65356537

65366538
memset(&msg, 0, sizeof(msg));
6539+
msg.magic = ee32(DHCP_MAGIC);
65376540
msg.yiaddr = ee32(0x0A000064U);
65386541
opt = (struct dhcp_option *)msg.options;
65396542
opt->code = DHCP_OPTION_MSG_TYPE;
@@ -6564,6 +6567,7 @@ START_TEST(test_dhcp_poll_offer_and_ack)
65646567
ck_assert_int_eq(s.dhcp_state, DHCP_REQUEST_SENT);
65656568

65666569
memset(&msg, 0, sizeof(msg));
6570+
msg.magic = ee32(DHCP_MAGIC);
65676571
opt = (struct dhcp_option *)msg.options;
65686572
opt->code = DHCP_OPTION_MSG_TYPE;
65696573
opt->len = 1;
@@ -7170,7 +7174,7 @@ START_TEST(test_dhcp_parse_offer_no_match)
71707174
opt->code = DHCP_OPTION_END;
71717175
opt->len = 0;
71727176

7173-
ck_assert_int_eq(dhcp_parse_offer(&s, &msg), -1);
7177+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, sizeof(msg)), -1);
71747178
}
71757179
END_TEST
71767180

@@ -7190,7 +7194,220 @@ START_TEST(test_dhcp_parse_ack_invalid)
71907194
opt->code = DHCP_OPTION_END;
71917195
opt->len = 0;
71927196

7193-
ck_assert_int_eq(dhcp_parse_ack(&s, &msg), -1);
7197+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, sizeof(msg)), -1);
7198+
}
7199+
END_TEST
7200+
7201+
START_TEST(test_dhcp_parse_offer_short_len_rejected)
7202+
{
7203+
struct wolfIP s;
7204+
struct dhcp_msg msg;
7205+
struct dhcp_option *opt;
7206+
7207+
wolfIP_init(&s);
7208+
memset(&msg, 0, sizeof(msg));
7209+
opt = (struct dhcp_option *)msg.options;
7210+
opt->code = DHCP_OPTION_MSG_TYPE;
7211+
opt->len = 1;
7212+
opt->data[0] = DHCP_OFFER;
7213+
7214+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN - 1), -1);
7215+
}
7216+
END_TEST
7217+
7218+
START_TEST(test_dhcp_parse_offer_truncated_option_rejected)
7219+
{
7220+
struct wolfIP s;
7221+
struct dhcp_msg msg;
7222+
struct dhcp_option *opt;
7223+
7224+
wolfIP_init(&s);
7225+
memset(&msg, 0, sizeof(msg));
7226+
opt = (struct dhcp_option *)msg.options;
7227+
opt->code = DHCP_OPTION_MSG_TYPE;
7228+
opt->len = 4;
7229+
7230+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN + 2), -1);
7231+
}
7232+
END_TEST
7233+
7234+
START_TEST(test_dhcp_parse_offer_len_lt_four_rejected)
7235+
{
7236+
struct wolfIP s;
7237+
struct dhcp_msg msg;
7238+
struct dhcp_option *opt;
7239+
7240+
wolfIP_init(&s);
7241+
memset(&msg, 0, sizeof(msg));
7242+
msg.magic = ee32(DHCP_MAGIC);
7243+
opt = (struct dhcp_option *)msg.options;
7244+
opt->code = DHCP_OPTION_MSG_TYPE;
7245+
opt->len = 1;
7246+
opt->data[0] = DHCP_OFFER;
7247+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7248+
opt->code = DHCP_OPTION_SERVER_ID;
7249+
opt->len = 2;
7250+
7251+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN + 5), -1);
7252+
}
7253+
END_TEST
7254+
7255+
START_TEST(test_dhcp_parse_offer_missing_end_rejected)
7256+
{
7257+
struct wolfIP s;
7258+
struct dhcp_msg msg;
7259+
struct dhcp_option *opt;
7260+
7261+
wolfIP_init(&s);
7262+
memset(&msg, 0, sizeof(msg));
7263+
msg.magic = ee32(DHCP_MAGIC);
7264+
opt = (struct dhcp_option *)msg.options;
7265+
opt->code = DHCP_OPTION_MSG_TYPE;
7266+
opt->len = 1;
7267+
opt->data[0] = DHCP_OFFER;
7268+
7269+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN + 3), -1);
7270+
}
7271+
END_TEST
7272+
7273+
START_TEST(test_dhcp_parse_ack_truncated_option_rejected)
7274+
{
7275+
struct wolfIP s;
7276+
struct dhcp_msg msg;
7277+
struct dhcp_option *opt;
7278+
7279+
wolfIP_init(&s);
7280+
memset(&msg, 0, sizeof(msg));
7281+
msg.magic = ee32(DHCP_MAGIC);
7282+
opt = (struct dhcp_option *)msg.options;
7283+
opt->code = DHCP_OPTION_MSG_TYPE;
7284+
opt->len = 1;
7285+
opt->data[0] = DHCP_ACK;
7286+
7287+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, DHCP_HEADER_LEN + 2), -1);
7288+
}
7289+
END_TEST
7290+
7291+
START_TEST(test_dhcp_parse_ack_len_lt_four_rejected)
7292+
{
7293+
struct wolfIP s;
7294+
struct dhcp_msg msg;
7295+
struct dhcp_option *opt;
7296+
7297+
wolfIP_init(&s);
7298+
memset(&msg, 0, sizeof(msg));
7299+
msg.magic = ee32(DHCP_MAGIC);
7300+
opt = (struct dhcp_option *)msg.options;
7301+
opt->code = DHCP_OPTION_MSG_TYPE;
7302+
opt->len = 1;
7303+
opt->data[0] = DHCP_ACK;
7304+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7305+
opt->code = DHCP_OPTION_SUBNET_MASK;
7306+
opt->len = 2;
7307+
7308+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, DHCP_HEADER_LEN + 5), -1);
7309+
}
7310+
END_TEST
7311+
7312+
START_TEST(test_dhcp_parse_ack_missing_end_rejected)
7313+
{
7314+
struct wolfIP s;
7315+
struct dhcp_msg msg;
7316+
struct dhcp_option *opt;
7317+
7318+
wolfIP_init(&s);
7319+
memset(&msg, 0, sizeof(msg));
7320+
msg.magic = ee32(DHCP_MAGIC);
7321+
opt = (struct dhcp_option *)msg.options;
7322+
opt->code = DHCP_OPTION_MSG_TYPE;
7323+
opt->len = 1;
7324+
opt->data[0] = DHCP_ACK;
7325+
7326+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, DHCP_HEADER_LEN + 3), -1);
7327+
}
7328+
END_TEST
7329+
7330+
START_TEST(test_dhcp_parse_offer_bad_magic_rejected)
7331+
{
7332+
struct wolfIP s;
7333+
struct dhcp_msg msg;
7334+
struct dhcp_option *opt;
7335+
7336+
wolfIP_init(&s);
7337+
memset(&msg, 0, sizeof(msg));
7338+
msg.magic = 0;
7339+
opt = (struct dhcp_option *)msg.options;
7340+
opt->code = DHCP_OPTION_MSG_TYPE;
7341+
opt->len = 1;
7342+
opt->data[0] = DHCP_OFFER;
7343+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7344+
opt->code = DHCP_OPTION_END;
7345+
opt->len = 0;
7346+
7347+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, sizeof(msg)), -1);
7348+
}
7349+
END_TEST
7350+
7351+
START_TEST(test_dhcp_parse_ack_bad_magic_rejected)
7352+
{
7353+
struct wolfIP s;
7354+
struct dhcp_msg msg;
7355+
struct dhcp_option *opt;
7356+
7357+
wolfIP_init(&s);
7358+
memset(&msg, 0, sizeof(msg));
7359+
msg.magic = 0;
7360+
opt = (struct dhcp_option *)msg.options;
7361+
opt->code = DHCP_OPTION_MSG_TYPE;
7362+
opt->len = 1;
7363+
opt->data[0] = DHCP_ACK;
7364+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7365+
opt->code = DHCP_OPTION_END;
7366+
opt->len = 0;
7367+
7368+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, sizeof(msg)), -1);
7369+
}
7370+
END_TEST
7371+
7372+
START_TEST(test_dhcp_parse_offer_zero_len_option_rejected)
7373+
{
7374+
struct wolfIP s;
7375+
struct dhcp_msg msg;
7376+
struct dhcp_option *opt;
7377+
7378+
wolfIP_init(&s);
7379+
memset(&msg, 0, sizeof(msg));
7380+
msg.magic = ee32(DHCP_MAGIC);
7381+
opt = (struct dhcp_option *)msg.options;
7382+
opt->code = DHCP_OPTION_MSG_TYPE;
7383+
opt->len = 1;
7384+
opt->data[0] = DHCP_OFFER;
7385+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7386+
opt->code = DHCP_OPTION_SERVER_ID;
7387+
opt->len = 0;
7388+
7389+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN + 5), -1);
7390+
}
7391+
END_TEST
7392+
7393+
START_TEST(test_dhcp_parse_ack_zero_len_option_rejected)
7394+
{
7395+
struct wolfIP s;
7396+
struct dhcp_msg msg;
7397+
struct dhcp_option *opt;
7398+
7399+
wolfIP_init(&s);
7400+
memset(&msg, 0, sizeof(msg));
7401+
msg.magic = ee32(DHCP_MAGIC);
7402+
opt = (struct dhcp_option *)msg.options;
7403+
opt->code = DHCP_OPTION_MSG_TYPE;
7404+
opt->len = 1;
7405+
opt->data[0] = DHCP_ACK;
7406+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7407+
opt->code = DHCP_OPTION_SUBNET_MASK;
7408+
opt->len = 0;
7409+
7410+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, DHCP_HEADER_LEN + 5), -1);
71947411
}
71957412
END_TEST
71967413

@@ -15271,6 +15488,17 @@ Suite *wolf_suite(void)
1527115488
tcase_add_test(tc_utils, test_dns_callback_bad_rr_rdlen);
1527215489
tcase_add_test(tc_utils, test_dhcp_parse_offer_no_match);
1527315490
tcase_add_test(tc_utils, test_dhcp_parse_ack_invalid);
15491+
tcase_add_test(tc_utils, test_dhcp_parse_offer_short_len_rejected);
15492+
tcase_add_test(tc_utils, test_dhcp_parse_offer_truncated_option_rejected);
15493+
tcase_add_test(tc_utils, test_dhcp_parse_offer_len_lt_four_rejected);
15494+
tcase_add_test(tc_utils, test_dhcp_parse_offer_missing_end_rejected);
15495+
tcase_add_test(tc_utils, test_dhcp_parse_ack_truncated_option_rejected);
15496+
tcase_add_test(tc_utils, test_dhcp_parse_ack_len_lt_four_rejected);
15497+
tcase_add_test(tc_utils, test_dhcp_parse_ack_missing_end_rejected);
15498+
tcase_add_test(tc_utils, test_dhcp_parse_offer_bad_magic_rejected);
15499+
tcase_add_test(tc_utils, test_dhcp_parse_ack_bad_magic_rejected);
15500+
tcase_add_test(tc_utils, test_dhcp_parse_offer_zero_len_option_rejected);
15501+
tcase_add_test(tc_utils, test_dhcp_parse_ack_zero_len_option_rejected);
1527415502
tcase_add_test(tc_utils, test_dhcp_poll_no_data_and_wrong_state);
1527515503
tcase_add_test(tc_utils, test_dhcp_callback_null_and_off_state);
1527615504
#if WOLFIP_ENABLE_FORWARDING

0 commit comments

Comments
 (0)