The branch main has been updated by jhb:
URL:
https://cgit.FreeBSD.org/src/commit/?id=f3eb1514ce44aea5d288a74f34a0c6925ecd43ea
commit f3eb1514ce44aea5d288a74f34a0c6925ecd43ea
Author: John Baldwin <j...@freebsd.org>
AuthorDate: 2025-04-11 14:01:48 +0000
Commit: John Baldwin <j...@freebsd.org>
CommitDate: 2025-04-11 14:01:48 +0000
ctld: Tighten parsing of IPv6 addresses for initiator-portal
If an address starts with a [ character, require that it ends with a ]
character. Also, if an address starts with a [ character, assume it
is an IPv6 address.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D49647
---
usr.sbin/ctld/ctld.cc | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/usr.sbin/ctld/ctld.cc b/usr.sbin/ctld/ctld.cc
index 08ac91a75c21..bc794815830c 100644
--- a/usr.sbin/ctld/ctld.cc
+++ b/usr.sbin/ctld/ctld.cc
@@ -319,14 +319,17 @@ auth_portal_new(struct auth_group *ag, const char *portal)
ap->ap_initiator_portal = checked_strdup(portal);
mask = str = checked_strdup(portal);
net = strsep(&mask, "/");
- if (net[0] == '[')
+ if (net[0] == '[') {
net++;
- len = strlen(net);
- if (len == 0)
- goto error;
- if (net[len - 1] == ']')
+ len = strlen(net);
+ if (len < 2)
+ goto error;
+ if (net[len - 1] != ']')
+ goto error;
net[len - 1] = 0;
- if (strchr(net, ':') != NULL) {
+ } else if (net[0] == '\0')
+ goto error;
+ if (str[0] == '[' || strchr(net, ':') != NULL) {
struct sockaddr_in6 *sin6 =
(struct sockaddr_in6 *)&ap->ap_sa;
