Re: be more strict when parsing netmasks for IPv6

Thu, 06 Dec 2018 11:05:49 -0800 

On Thu, Dec 06, 2018 at 03:24:52PM +0100, Claudio Jeker wrote:
> On Wed, Dec 05, 2018 at 11:53:48PM +0100, Remi Locherer wrote:
> > On Wed, Dec 05, 2018 at 09:22:22AM +0100, Claudio Jeker wrote:
> > > When parsing a network mask into prefixlen be more paranoid and make sure
> > > no value bigger then 128 is returned. In general this should never happen
> > > but if it does the result can be bad.
> > > 
> > > This is for bgpd but there are other users in the tree. I will adjust them
> > > if we dicide to go this way.
> > > -- 
> > > :wq Claudio
> > > 
> > 
> > makes sense to me.
> > 
> > OK remi@
> > 
> 
> Here the same diff against other users of mask2prefixlen6().
> IIRC there are some other users with different function names which I need
> to hunt down (unless someone else wants to do that job).
> 
> Iked is a bit special since it returns 0 for non-contiguous netmasks.
> Wonder if we should put a fatalx() there too - like in the other daemons.

I think it should be fatalx() also for iked.

Your diff looks good to me, OK remi@.

Below  the same diff for ospf6d. Feel free to commit it together with
the rest.



cvs diff: Diffing .
Index: util.c
===================================================================
RCS file: /cvs/src/usr.sbin/ospf6d/util.c,v
retrieving revision 1.2
diff -u -p -r1.2 util.c
--- util.c      22 Oct 2012 07:28:49 -0000      1.2
+++ util.c      6 Dec 2018 18:49:51 -0000
@@ -91,7 +91,8 @@ clearscope(struct in6_addr *in6)
 u_int8_t
 mask2prefixlen(struct sockaddr_in6 *sa_in6)
 {
-       u_int8_t        l = 0, *ap, *ep;
+       u_int8_t        *ap, *ep;
+       u_int            l = 0;
 
        /*
         * sin6_len is the size of the sockaddr so substract the offset of
@@ -107,32 +108,35 @@ mask2prefixlen(struct sockaddr_in6 *sa_i
                        break;
                case 0xfe:
                        l += 7;
-                       return (l);
+                       goto done;
                case 0xfc:
                        l += 6;
-                       return (l);
+                       goto done;
                case 0xf8:
                        l += 5;
-                       return (l);
+                       goto done;
                case 0xf0:
                        l += 4;
-                       return (l);
+                       goto done;
                case 0xe0:
                        l += 3;
-                       return (l);
+                       goto done;
                case 0xc0:
                        l += 2;
-                       return (l);
+                       goto done;
                case 0x80:
                        l += 1;
-                       return (l);
+                       goto done;
                case 0x00:
-                       return (l);
+                       goto done;
                default:
                        fatalx("non contiguous inet6 netmask");
                }
        }
 
+done:
+       if (l > sizeof(struct in6_addr) * 8)
+               fatalx("%s: prefixlen %d out of bound", __func__, l);
        return (l);
 }

Reply via email to