Wireshark-bugs: [Wireshark-bugs] [Bug 6948] Validation of DHCP Extensions in DHCP Offer packet

Date: Fri, 16 Mar 2012 05:05:25 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6948

Jaap Keuter <jaap.keuter@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Jaap Keuter <jaap.keuter@xxxxxxxxx> 2012-03-16 05:05:25 PDT ---
> At viewing the DHCP Offer packet there are various fields inside the Boostrap
> Protocol. RFC2132 defines various extensions by using Option codes.
> 
> One of them is Bootfile name with option code 67.

1) Yes, DHCP option 67, according to RFC 2132 clause 9.5, is the option for the
"Bootfile name". It's an DHCP extension, which has to adhere to the TLV format.
Its tag value is 67, its length is the length of the filename. 

> This filename should be according to RFC 3456 a null terminated string.

2) This RFC 3456 describes "DHCPv4 Configuration of IPsec Tunnel Mode". Clause
4.1 lists the DHCPDISCOVER message, as it is used in this context. 'file' is a
(fixed) field in the BOOTP message, and may contain the null terminated boot
file name.

> The missing of the null termination could be showed up as a problem by
> wireshark.

Here you mix up two items:
1) describes an DHCP option.
2) describes an BOOTP field.

They both can be used to convey a boot file name, but their formatting is very
different:

1) is a TLV.
2) is a fixed sized field.

both have their own size indicators:

1) has an explicit length.
2) has to rely on a NULL, or the maximum size (128) although the last character
must be a NULL. 

Conclusion: for DHCP option 67 there is no guarantee that the value is NULL
terminated.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.