Don't crash on (invalid) hardware address lengths > 127.

These would cause us to crash with a NegativeArraySizeException when trying to create the clientMac array. Instead, if the length is > 16 (invalid, because the field is only 16 bytes long), fudge it to 6 (Ethernet / wifi). This is a bit less liberal than the legacy client, which doesn't check the length at all. Bug: 23725795 Change-Id: I83f47bfc400ffa8ce85dd9d1b8eb96be5afe51a5
author: Lorenzo Colitti <lorenzo@google.com> 2015-09-03 17:36:20 +0900
committer: The Android Automerger <android-build@google.com> 2015-09-03 10:44:23 -0700
commit: 704a5a0c72a95d2b12b3410fb0a26399908055d4 (patch)
tree: fe5c508a6f55c2b9f4caacdc5a8910891c7cbdae /services/tests/servicestests/src
parent: e1d47a7bc9236343bafe9d49882d143af2b6d11b (diff)
download: frameworks_base-704a5a0c72a95d2b12b3410fb0a26399908055d4.zip
frameworks_base-704a5a0c72a95d2b12b3410fb0a26399908055d4.tar.gz
frameworks_base-704a5a0c72a95d2b12b3410fb0a26399908055d4.tar.bz2
1 files changed, 70 insertions, 0 deletions
diff --git a/services/tests/servicestests/src/android/net/dhcp/DhcpPacketTest.java b/services/tests/servicestests/src/android/net/dhcp/DhcpPacketTest.java
index da1df1a..cd3b8bb 100644
--- a/services/tests/servicestests/src/android/net/dhcp/DhcpPacketTest.java
+++ b/services/tests/servicestests/src/android/net/dhcp/DhcpPacketTest.java
@@ -333,6 +333,76 @@ public class DhcpPacketTest extends TestCase {
     }
 
     @SmallTest
+    public void testBadHwaddrLength() throws Exception {
+        final ByteBuffer packet = ByteBuffer.wrap(HexEncoding.decode((
+            // IP header.
+            "450001518d0600004011144dc0a82b01c0a82bf7" +
+            // UDP header.
+            "00430044013d9ac7" +
+            // BOOTP header.
+            "02010600dfc23d1f0002000000000000c0a82bf7c0a82b0100000000" +
+            // MAC address.
+            "30766ff2a90c00000000000000000000" +
+            // Server name.
+            "0000000000000000000000000000000000000000000000000000000000000000" +
+            "0000000000000000000000000000000000000000000000000000000000000000" +
+            // File.
+            "0000000000000000000000000000000000000000000000000000000000000000" +
+            "0000000000000000000000000000000000000000000000000000000000000000" +
+            "0000000000000000000000000000000000000000000000000000000000000000" +
+            "0000000000000000000000000000000000000000000000000000000000000000" +
+            // Options
+            "638253633501023604c0a82b01330400000e103a04000007083b0400000c4e0104ffffff00" +
+            "1c04c0a82bff0304c0a82b010604c0a82b012b0f414e44524f49445f4d455445524544ff"
+        ).toCharArray(), false));
+        String expectedClientMac = "30766FF2A90C";
+
+        final int hwAddrLenOffset = 20 + 8 + 2;
+        assertEquals(6, packet.get(hwAddrLenOffset));
+
+        // Expect the expected.
+        DhcpPacket offerPacket = DhcpPacket.decodeFullPacket(packet, ENCAP_L3);
+        assertNotNull(offerPacket);
+        assertEquals(6, offerPacket.getClientMac().length);
+        assertEquals(expectedClientMac, HexDump.toHexString(offerPacket.getClientMac()));
+
+        // Reduce the hardware address length and verify that it shortens the client MAC.
+        packet.flip();
+        packet.put(hwAddrLenOffset, (byte) 5);
+        offerPacket = DhcpPacket.decodeFullPacket(packet, ENCAP_L3);
+        assertNotNull(offerPacket);
+        assertEquals(5, offerPacket.getClientMac().length);
+        assertEquals(expectedClientMac.substring(0, 10),
+                HexDump.toHexString(offerPacket.getClientMac()));
+
+        packet.flip();
+        packet.put(hwAddrLenOffset, (byte) 3);
+        offerPacket = DhcpPacket.decodeFullPacket(packet, ENCAP_L3);
+        assertNotNull(offerPacket);
+        assertEquals(3, offerPacket.getClientMac().length);
+        assertEquals(expectedClientMac.substring(0, 6),
+                HexDump.toHexString(offerPacket.getClientMac()));
+
+        // Set the the hardware address length to 0xff and verify that we a) don't treat it as -1
+        // and crash, and b) hardcode it to 6.
+        packet.flip();
+        packet.put(hwAddrLenOffset, (byte) -1);
+        offerPacket = DhcpPacket.decodeFullPacket(packet, ENCAP_L3);
+        assertNotNull(offerPacket);
+        assertEquals(6, offerPacket.getClientMac().length);
+        assertEquals(expectedClientMac, HexDump.toHexString(offerPacket.getClientMac()));
+
+        // Set the the hardware address length to a positive invalid value (> 16) and verify that we
+        // hardcode it to 6.
+        packet.flip();
+        packet.put(hwAddrLenOffset, (byte) 17);
+        offerPacket = DhcpPacket.decodeFullPacket(packet, ENCAP_L3);
+        assertNotNull(offerPacket);
+        assertEquals(6, offerPacket.getClientMac().length);
+        assertEquals(expectedClientMac, HexDump.toHexString(offerPacket.getClientMac()));
+    }
+
+    @SmallTest
     public void testPadAndOverloadedOptionsOffer() throws Exception {
         // A packet observed in the real world that is interesting for two reasons:
         //
author	Lorenzo Colitti <lorenzo@google.com>	2015-09-03 17:36:20 +0900
committer	The Android Automerger <android-build@google.com>	2015-09-03 10:44:23 -0700
commit	704a5a0c72a95d2b12b3410fb0a26399908055d4 (patch)
tree	fe5c508a6f55c2b9f4caacdc5a8910891c7cbdae /services/tests/servicestests/src
parent	e1d47a7bc9236343bafe9d49882d143af2b6d11b (diff)
download	frameworks_base-704a5a0c72a95d2b12b3410fb0a26399908055d4.zip frameworks_base-704a5a0c72a95d2b12b3410fb0a26399908055d4.tar.gz frameworks_base-704a5a0c72a95d2b12b3410fb0a26399908055d4.tar.bz2