Skip to content

Commit e6c5eb3

Browse files
danielinuxdanielinux
committed
DHCP client: parsing hardening + added more unit tests
1 parent e423670 commit e6c5eb3

2 files changed

Lines changed: 386 additions & 37 deletions

File tree

src/test/unit/unit.c

Lines changed: 232 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4147,6 +4147,7 @@ START_TEST(test_dhcp_parse_offer_and_ack)
41474147
ck_assert_ptr_nonnull(primary);
41484148

41494149
memset(&msg, 0, sizeof(msg));
4150+
msg.magic = ee32(DHCP_MAGIC);
41504151
msg.yiaddr = ee32(offer_ip);
41514152
opt = (struct dhcp_option *)msg.options;
41524153
opt->code = DHCP_OPTION_MSG_TYPE;
@@ -4170,13 +4171,14 @@ START_TEST(test_dhcp_parse_offer_and_ack)
41704171
opt->code = DHCP_OPTION_END;
41714172
opt->len = 0;
41724173

4173-
ck_assert_int_eq(dhcp_parse_offer(&s, &msg), 0);
4174+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, sizeof(msg)), 0);
41744175
ck_assert_uint_eq(s.dhcp_ip, offer_ip);
41754176
ck_assert_uint_eq(s.dhcp_server_ip, server_ip);
41764177
ck_assert_uint_eq(primary->mask, mask);
41774178
ck_assert_int_eq(s.dhcp_state, DHCP_REQUEST_SENT);
41784179

41794180
memset(&msg, 0, sizeof(msg));
4181+
msg.magic = ee32(DHCP_MAGIC);
41804182
opt = (struct dhcp_option *)msg.options;
41814183
opt->code = DHCP_OPTION_MSG_TYPE;
41824184
opt->len = 1;
@@ -4220,7 +4222,7 @@ START_TEST(test_dhcp_parse_offer_and_ack)
42204222
opt->code = DHCP_OPTION_END;
42214223
opt->len = 0;
42224224

4223-
ck_assert_int_eq(dhcp_parse_ack(&s, &msg), 0);
4225+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, sizeof(msg)), 0);
42244226
ck_assert_int_eq(s.dhcp_state, DHCP_BOUND);
42254227
ck_assert_uint_eq(primary->ip, offer_ip);
42264228
ck_assert_uint_eq(primary->mask, mask);
@@ -6690,6 +6692,7 @@ START_TEST(test_dhcp_poll_offer_and_ack)
66906692
ts = &s.udpsockets[SOCKET_UNMARK(s.dhcp_udp_sd)];
66916693

66926694
memset(&msg, 0, sizeof(msg));
6695+
msg.magic = ee32(DHCP_MAGIC);
66936696
msg.yiaddr = ee32(0x0A000064U);
66946697
opt = (struct dhcp_option *)msg.options;
66956698
opt->code = DHCP_OPTION_MSG_TYPE;
@@ -6720,6 +6723,7 @@ START_TEST(test_dhcp_poll_offer_and_ack)
67206723
ck_assert_int_eq(s.dhcp_state, DHCP_REQUEST_SENT);
67216724

67226725
memset(&msg, 0, sizeof(msg));
6726+
msg.magic = ee32(DHCP_MAGIC);
67236727
opt = (struct dhcp_option *)msg.options;
67246728
opt->code = DHCP_OPTION_MSG_TYPE;
67256729
opt->len = 1;
@@ -7326,7 +7330,7 @@ START_TEST(test_dhcp_parse_offer_no_match)
73267330
opt->code = DHCP_OPTION_END;
73277331
opt->len = 0;
73287332

7329-
ck_assert_int_eq(dhcp_parse_offer(&s, &msg), -1);
7333+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, sizeof(msg)), -1);
73307334
}
73317335
END_TEST
73327336

@@ -7346,7 +7350,220 @@ START_TEST(test_dhcp_parse_ack_invalid)
73467350
opt->code = DHCP_OPTION_END;
73477351
opt->len = 0;
73487352

7349-
ck_assert_int_eq(dhcp_parse_ack(&s, &msg), -1);
7353+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, sizeof(msg)), -1);
7354+
}
7355+
END_TEST
7356+
7357+
START_TEST(test_dhcp_parse_offer_short_len_rejected)
7358+
{
7359+
struct wolfIP s;
7360+
struct dhcp_msg msg;
7361+
struct dhcp_option *opt;
7362+
7363+
wolfIP_init(&s);
7364+
memset(&msg, 0, sizeof(msg));
7365+
opt = (struct dhcp_option *)msg.options;
7366+
opt->code = DHCP_OPTION_MSG_TYPE;
7367+
opt->len = 1;
7368+
opt->data[0] = DHCP_OFFER;
7369+
7370+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN - 1), -1);
7371+
}
7372+
END_TEST
7373+
7374+
START_TEST(test_dhcp_parse_offer_truncated_option_rejected)
7375+
{
7376+
struct wolfIP s;
7377+
struct dhcp_msg msg;
7378+
struct dhcp_option *opt;
7379+
7380+
wolfIP_init(&s);
7381+
memset(&msg, 0, sizeof(msg));
7382+
opt = (struct dhcp_option *)msg.options;
7383+
opt->code = DHCP_OPTION_MSG_TYPE;
7384+
opt->len = 4;
7385+
7386+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN + 2), -1);
7387+
}
7388+
END_TEST
7389+
7390+
START_TEST(test_dhcp_parse_offer_len_lt_four_rejected)
7391+
{
7392+
struct wolfIP s;
7393+
struct dhcp_msg msg;
7394+
struct dhcp_option *opt;
7395+
7396+
wolfIP_init(&s);
7397+
memset(&msg, 0, sizeof(msg));
7398+
msg.magic = ee32(DHCP_MAGIC);
7399+
opt = (struct dhcp_option *)msg.options;
7400+
opt->code = DHCP_OPTION_MSG_TYPE;
7401+
opt->len = 1;
7402+
opt->data[0] = DHCP_OFFER;
7403+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7404+
opt->code = DHCP_OPTION_SERVER_ID;
7405+
opt->len = 2;
7406+
7407+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN + 5), -1);
7408+
}
7409+
END_TEST
7410+
7411+
START_TEST(test_dhcp_parse_offer_missing_end_rejected)
7412+
{
7413+
struct wolfIP s;
7414+
struct dhcp_msg msg;
7415+
struct dhcp_option *opt;
7416+
7417+
wolfIP_init(&s);
7418+
memset(&msg, 0, sizeof(msg));
7419+
msg.magic = ee32(DHCP_MAGIC);
7420+
opt = (struct dhcp_option *)msg.options;
7421+
opt->code = DHCP_OPTION_MSG_TYPE;
7422+
opt->len = 1;
7423+
opt->data[0] = DHCP_OFFER;
7424+
7425+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN + 3), -1);
7426+
}
7427+
END_TEST
7428+
7429+
START_TEST(test_dhcp_parse_ack_truncated_option_rejected)
7430+
{
7431+
struct wolfIP s;
7432+
struct dhcp_msg msg;
7433+
struct dhcp_option *opt;
7434+
7435+
wolfIP_init(&s);
7436+
memset(&msg, 0, sizeof(msg));
7437+
msg.magic = ee32(DHCP_MAGIC);
7438+
opt = (struct dhcp_option *)msg.options;
7439+
opt->code = DHCP_OPTION_MSG_TYPE;
7440+
opt->len = 1;
7441+
opt->data[0] = DHCP_ACK;
7442+
7443+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, DHCP_HEADER_LEN + 2), -1);
7444+
}
7445+
END_TEST
7446+
7447+
START_TEST(test_dhcp_parse_ack_len_lt_four_rejected)
7448+
{
7449+
struct wolfIP s;
7450+
struct dhcp_msg msg;
7451+
struct dhcp_option *opt;
7452+
7453+
wolfIP_init(&s);
7454+
memset(&msg, 0, sizeof(msg));
7455+
msg.magic = ee32(DHCP_MAGIC);
7456+
opt = (struct dhcp_option *)msg.options;
7457+
opt->code = DHCP_OPTION_MSG_TYPE;
7458+
opt->len = 1;
7459+
opt->data[0] = DHCP_ACK;
7460+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7461+
opt->code = DHCP_OPTION_SUBNET_MASK;
7462+
opt->len = 2;
7463+
7464+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, DHCP_HEADER_LEN + 5), -1);
7465+
}
7466+
END_TEST
7467+
7468+
START_TEST(test_dhcp_parse_ack_missing_end_rejected)
7469+
{
7470+
struct wolfIP s;
7471+
struct dhcp_msg msg;
7472+
struct dhcp_option *opt;
7473+
7474+
wolfIP_init(&s);
7475+
memset(&msg, 0, sizeof(msg));
7476+
msg.magic = ee32(DHCP_MAGIC);
7477+
opt = (struct dhcp_option *)msg.options;
7478+
opt->code = DHCP_OPTION_MSG_TYPE;
7479+
opt->len = 1;
7480+
opt->data[0] = DHCP_ACK;
7481+
7482+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, DHCP_HEADER_LEN + 3), -1);
7483+
}
7484+
END_TEST
7485+
7486+
START_TEST(test_dhcp_parse_offer_bad_magic_rejected)
7487+
{
7488+
struct wolfIP s;
7489+
struct dhcp_msg msg;
7490+
struct dhcp_option *opt;
7491+
7492+
wolfIP_init(&s);
7493+
memset(&msg, 0, sizeof(msg));
7494+
msg.magic = 0;
7495+
opt = (struct dhcp_option *)msg.options;
7496+
opt->code = DHCP_OPTION_MSG_TYPE;
7497+
opt->len = 1;
7498+
opt->data[0] = DHCP_OFFER;
7499+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7500+
opt->code = DHCP_OPTION_END;
7501+
opt->len = 0;
7502+
7503+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, sizeof(msg)), -1);
7504+
}
7505+
END_TEST
7506+
7507+
START_TEST(test_dhcp_parse_ack_bad_magic_rejected)
7508+
{
7509+
struct wolfIP s;
7510+
struct dhcp_msg msg;
7511+
struct dhcp_option *opt;
7512+
7513+
wolfIP_init(&s);
7514+
memset(&msg, 0, sizeof(msg));
7515+
msg.magic = 0;
7516+
opt = (struct dhcp_option *)msg.options;
7517+
opt->code = DHCP_OPTION_MSG_TYPE;
7518+
opt->len = 1;
7519+
opt->data[0] = DHCP_ACK;
7520+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7521+
opt->code = DHCP_OPTION_END;
7522+
opt->len = 0;
7523+
7524+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, sizeof(msg)), -1);
7525+
}
7526+
END_TEST
7527+
7528+
START_TEST(test_dhcp_parse_offer_zero_len_option_rejected)
7529+
{
7530+
struct wolfIP s;
7531+
struct dhcp_msg msg;
7532+
struct dhcp_option *opt;
7533+
7534+
wolfIP_init(&s);
7535+
memset(&msg, 0, sizeof(msg));
7536+
msg.magic = ee32(DHCP_MAGIC);
7537+
opt = (struct dhcp_option *)msg.options;
7538+
opt->code = DHCP_OPTION_MSG_TYPE;
7539+
opt->len = 1;
7540+
opt->data[0] = DHCP_OFFER;
7541+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7542+
opt->code = DHCP_OPTION_SERVER_ID;
7543+
opt->len = 0;
7544+
7545+
ck_assert_int_eq(dhcp_parse_offer(&s, &msg, DHCP_HEADER_LEN + 5), -1);
7546+
}
7547+
END_TEST
7548+
7549+
START_TEST(test_dhcp_parse_ack_zero_len_option_rejected)
7550+
{
7551+
struct wolfIP s;
7552+
struct dhcp_msg msg;
7553+
struct dhcp_option *opt;
7554+
7555+
wolfIP_init(&s);
7556+
memset(&msg, 0, sizeof(msg));
7557+
msg.magic = ee32(DHCP_MAGIC);
7558+
opt = (struct dhcp_option *)msg.options;
7559+
opt->code = DHCP_OPTION_MSG_TYPE;
7560+
opt->len = 1;
7561+
opt->data[0] = DHCP_ACK;
7562+
opt = (struct dhcp_option *)((uint8_t *)opt + 3);
7563+
opt->code = DHCP_OPTION_SUBNET_MASK;
7564+
opt->len = 0;
7565+
7566+
ck_assert_int_eq(dhcp_parse_ack(&s, &msg, DHCP_HEADER_LEN + 5), -1);
73507567
}
73517568
END_TEST
73527569

@@ -15432,6 +15649,17 @@ Suite *wolf_suite(void)
1543215649
tcase_add_test(tc_utils, test_dns_callback_bad_rr_rdlen);
1543315650
tcase_add_test(tc_utils, test_dhcp_parse_offer_no_match);
1543415651
tcase_add_test(tc_utils, test_dhcp_parse_ack_invalid);
15652+
tcase_add_test(tc_utils, test_dhcp_parse_offer_short_len_rejected);
15653+
tcase_add_test(tc_utils, test_dhcp_parse_offer_truncated_option_rejected);
15654+
tcase_add_test(tc_utils, test_dhcp_parse_offer_len_lt_four_rejected);
15655+
tcase_add_test(tc_utils, test_dhcp_parse_offer_missing_end_rejected);
15656+
tcase_add_test(tc_utils, test_dhcp_parse_ack_truncated_option_rejected);
15657+
tcase_add_test(tc_utils, test_dhcp_parse_ack_len_lt_four_rejected);
15658+
tcase_add_test(tc_utils, test_dhcp_parse_ack_missing_end_rejected);
15659+
tcase_add_test(tc_utils, test_dhcp_parse_offer_bad_magic_rejected);
15660+
tcase_add_test(tc_utils, test_dhcp_parse_ack_bad_magic_rejected);
15661+
tcase_add_test(tc_utils, test_dhcp_parse_offer_zero_len_option_rejected);
15662+
tcase_add_test(tc_utils, test_dhcp_parse_ack_zero_len_option_rejected);
1543515663
tcase_add_test(tc_utils, test_dhcp_poll_no_data_and_wrong_state);
1543615664
tcase_add_test(tc_utils, test_dhcp_callback_null_and_off_state);
1543715665
#if WOLFIP_ENABLE_FORWARDING

0 commit comments

Comments
 (0)