On Wed, Dec 05, 2018 at 09:22:22AM +0100, Claudio Jeker wrote:
> When parsing a network mask into prefixlen be more paranoid and make sure
> no value bigger than 128 is returned. In general this should never happen
> but if it does the result can be bad.
>
> This is for bgpd but there are other users in the tree. I will adjust them
> if we decide to go this way.
> --
> :wq Claudio
>
makes sense to me.
OK remi@
> Index: kroute.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
> retrieving revision 1.225
> diff -u -p -r1.225 kroute.c
> --- kroute.c 5 Nov 2018 07:01:15 -0000 1.225
> +++ kroute.c 19 Nov 2018 12:46:23 -0000
> @@ -2406,7 +2406,8 @@ mask2prefixlen(in_addr_t ina)
> u_int8_t
> mask2prefixlen6(struct sockaddr_in6 *sa_in6)
> {
> - u_int8_t l = 0, *ap, *ep;
> + u_int8_t *ap, *ep;
> + u_int l = 0;
>
> /*
> * sin6_len is the size of the sockaddr so substract the offset of
> @@ -2422,32 +2423,35 @@ mask2prefixlen6(struct sockaddr_in6 *sa_
> break;
> case 0xfe:
> l += 7;
> - return (l);
> + goto done;
> case 0xfc:
> l += 6;
> - return (l);
> + goto done;
> case 0xf8:
> l += 5;
> - return (l);
> + goto done;
> case 0xf0:
> l += 4;
> - return (l);
> + goto done;
> case 0xe0:
> l += 3;
> - return (l);
> + goto done;
> case 0xc0:
> l += 2;
> - return (l);
> + goto done;
> case 0x80:
> l += 1;
> - return (l);
> + goto done;
> case 0x00:
> - return (l);
> + goto done;
> default:
> fatalx("non contiguous inet6 netmask");
> }
> }
>
> + done:
> + if (l > sizeof(struct in6_addr) * 8)
> + fatalx("%s: prefixlen %d out of bound", __func__, l);
> return (l);
> }
>
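Review bot: The bound check at the `done:` label runs only after the byte loop has finished, so it limits the value returned but not how far the loop walked. The loop's end pointer is set above this hunk, apparently from sin6_len (going by the comment in the first hunk), so an oversized length would presumably let the scan read past sin6_addr before fatalx() fires. Bounding the end pointer, or rejecting a too-large sin6_len, before the loop would stop that at its source; that code is outside the visible hunks, so confirm against the full function. Separately, `l` is now `u_int` but is printed with `%d`; `fatalx("%s: prefixlen %u out of bound", __func__, l);` matches the type.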
>