I have generated a base64 encoded value using python's os.urandom and base64.b64encode functions that causes isc dhcp3-server to fail when it parses it as a HMAC-MD5 key for omapi<div><br></div><div>The python code used to generate it was:</div>
<div>base64.b64encode(os.urandom(64))</div><div><br></div><div>The key in question is:</div><div><meta charset="utf-8"><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">XQhFIJF1HGrlAZKQbIu2VBZxLGXbjE</span><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; "></span><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">I5Y0VMw0zzoiEyKKw1U/</span><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; "></span><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">1yTgTVU2nKVjnUdnRHa+p66+NO+</span><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; "></span><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">iwteSPRrg==</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; "><br></span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; "><meta charset="utf-8"><span class="Apple-style-span" style="border-collapse: separate; font-family: arial; "><div>
The original random byte-string can be decoded as follows:</div><div><div>base64.b64decode('XQhFIJF1HGrlAZKQbIu2VBZxLGXbjEI5Y0VMw0zzoiEyKKw1U/1yTgTVU2nKVjnUdnRHa+p66+NO+iwteSPRrg==')</div><div><br></div><div>result is:</div>
<div>']\x08E \x91u\x1cj\xe5\x01\x92\x90l\x8b\xb6T\x16q,e\xdb\x8cB9cEL\xc3L\xf3\xa2!2(\xac5S\xfdrN\x04\xd5Si\xcaV9\xd4vtGk\xeaz\xeb\xe3N\xfa,-y#\xd1\xae'</div></div><div><br></div><div><br></div></span></span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">The error received is:</span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">dhcpd: /var/run/network/505/dhcpd.conf line 14: <span class="il" style="background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 204); color: rgb(34, 34, 34); background-position: initial initial; background-repeat: initial initial; ">partial</span> <span class="il" style="background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 204); color: rgb(34, 34, 34); background-position: initial initial; background-repeat: initial initial; ">base64</span> value left over: 14.<br>
secret XQhFIJF1HGrlAZKQbIu2VBZxLGXbjEI5Y0VMw0zzoiEyKKw1U/1yTgTVU2nKVjnUdnRHa</span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; "><br></span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">This is easily reproducible with the clause:</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">key omapi_key {</span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">    algorithm HMAC-MD5;</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">    secret </span><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">XQhFIJF1HGrlAZKQbIu2VBZxLGXbjEI5Y0VMw0zzoiEyKKw1U/1yTgTVU2nKVjnUdnRHa+p66+NO+iwteSPRrg==;</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">};</span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; ">omapi-key omapi_key;</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; border-collapse: collapse; "><br></span></div><div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;">This is using isc-dhcpd-V3.1.3 on Ubuntu 10.04 LTS</span></font></div>
<div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></font></div><div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;">Most random strings generated by os.urandom(64) and encoded by base64.b64encode() are handled fine by dhcpd3, but occasionally it generates one that dhcpd3's base64 parser can't handle.  This is just one example of a failing string.</span></font></div>
<div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></font></div><div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;">I'm trying to determine whether the bug is on the dhcpd parser side or the python generator side.  My inclination is that it is dhcpd3.</span></font></div>
<div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></font></div><div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;">Any help from someone who knows the internals of the dhcpd base64 parser would be greatly appreciated.</span></font></div>
<div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></font></div><div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;">Thanks,</span></font></div>
<div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;">Pete</span></font></div><div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;"><br>
</span></font></div><meta charset="utf-8">