Details
-
Bug
-
Status: Resolved (View Workflow)
-
Critical
-
Resolution: Fixed
-
Meridian-2016.1.3
-
Security Level: Default (Default Security Scheme)
-
Horizon - September 6th
Description
User reports the following messages in dhcpd.log:
2017-05-30 14:43:08,512 WARN [DHCPReceiver] o.o.n.d.Receiver: An error occurred when reading DHCP response. Ignoring exception: java.lang.ArrayIndexOutOfBoundsException: 312 at edu.bucknell.net.JDHCP.DHCPOptions.internalize(DHCPOptions.java:120) ~[jdhcp-1.1.1.jar:?] at edu.bucknell.net.JDHCP.DHCPMessage.internalize(DHCPMessage.java:423) ~[jdhcp-1.1.1.jar:?] at edu.bucknell.net.JDHCP.DHCPMessage.<init>(DHCPMessage.java:242) ~[jdhcp-1.1.1.jar:?] at org.opennms.netmgt.dhcpd.Receiver.run(Receiver.java:134) [org.opennms.protocols.dhcp-2016.1.3.jar:?] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_92]
I tracked down a copy of the jdhcp-1.1.1 source code and found that the DHCPOptions class' internalize method does no bounds checking.
The jDHCP project looks orphaned; should we consider adopting it and implementing some defensive code here? Or can we handle the exception gracefully on our side?