Feature #13584
closedInput validation for numbered DHCP options in static mappings
100%
Description
Bug: Incorrectly formatted values in Additional BOOTP/DHCP Options for Static DHCP Mappings cause dhcpd to crash. For example, the Option
43:Text:"Raspberry Pi Boot "
will save as expected and apply, but dhcpd logs will show a failure.
Oct 19 12:41:43 dhcpd 86624 exiting. Oct 19 12:41:43 dhcpd 86624 process and the information we find helpful for debugging. Oct 19 12:41:43 dhcpd 86624 before submitting a bug. These pages explain the proper Oct 19 12:41:43 dhcpd 86624 bugs on either our web page at www.isc.org or in the README file Oct 19 12:41:43 dhcpd 86624 than a configuration issue please read the section on submitting Oct 19 12:41:43 dhcpd 86624 If you think you have received this message due to a bug rather Oct 19 12:41:43 dhcpd 86624 Configuration file errors encountered -- exiting Oct 19 12:41:43 dhcpd 86624 ^ Oct 19 12:41:43 dhcpd 86624 option custom-s_lan_0-0 ""Raspberry Oct 19 12:41:43 dhcpd 86624 /etc/dhcpd.conf line 47: semicolon expected.
Fix: Perform input validation in the Additional BOOTP/DHCP Options fields for Static DHCP Mappings entries in services_dhcp_edit.php:158 just as is currently being done in services_dhcp.php:477 .
Not a PHP developer in the slightest so don't really know where to start to actually implement and test any sort of input validation, but if someone wanted to walk me through some steps to get started, I'd be happy to take a crack at it and submit a pull request.
Files
Related issues
Updated by Kris Phillips about 2 years ago
Hello Jonathan,
What version of pfSense or pfSense Plus did you test this on? The bug report includes no Affected Version information.
Updated by Jonathan DeFreeuw about 2 years ago
This is on 2.6.0-RELEASE (amd64).
Updated by Christian McDonald about 2 years ago
- Assignee set to Christian McDonald
- Target version set to 2.7.0
- Plus Target Version set to 23.01
Updated by Christian McDonald about 2 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 196042028df24092a0ed87282000e81598591562.
Updated by Danilo Zrenjanin about 2 years ago
- File clipboard-202210271205-fgbxc.png clipboard-202210271205-fgbxc.png added
- Status changed from Feedback to Resolved
Tested on:
2.7.0-DEVELOPMENT (amd64) built on Thu Oct 27 06:05:35 UTC 2022 FreeBSD 14.0-CURRENT
I couldn't save the config with quotation marks in the text field.
The following input errors were detected: Text type cannot include quotation marks.
I am marking this ticket resolved.
Updated by Jim Pingle about 2 years ago
- Tracker changed from Bug to Feature
- Subject changed from Input Validation on DHCP Options for Static Mappings to Input validation for numbered DHCP options in static mappings
Updating subject for release notes.
Updated by Jim Pingle almost 2 years ago
- Has duplicate Bug #13954: Invalid custom DHCP option data can cause the DHCP daemon to fail added