From a0d1f03617294e62d677e5d3591b82d0b0caf93c Mon Sep 17 00:00:00 2001
From: Stefan Walter <stefan_walter@posteo.de>
Date: Sat, 12 Apr 2025 12:11:00 +0200
Subject: [PATCH] DHCP poisoner: refactor FindIP

- do not crash on IP addresses where one octet contains 0x45 0x4f or 0x46

- operate on bytes (avoid encoding/decoding round-trip)
  and use simple string search instead of regular expressions

closes #181
closes #304
---
 poisoners/DHCP.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/poisoners/DHCP.py b/poisoners/DHCP.py
index a0e1713..602fdc2 100755
--- a/poisoners/DHCP.py
+++ b/poisoners/DHCP.py
@@ -239,9 +239,12 @@ def ParseSrcDSTAddr(data):
     return SrcIP, SrcPort, DstIP, DstPort
 
 def FindIP(data):
-    data = data.decode('latin-1')
-    IP = ''.join(re.findall(r'(?<=\x32\x04)[^EOF]*', data))
-    return ''.join(IP[0:4]).encode('latin-1')
+    IPPos = data.find(b"\x32\x04") + 2
+    if IPPos == -1 or IPPos + 4 >= len(data):
+        return None
+    else:
+        IP = data[IPPos:IPPos+4]
+        return IP
 
 def ParseDHCPCode(data, ClientIP,DHCP_DNS):
     global DHCPClient