On Thu, Dec 06, 2018 at 08:04:54PM +0100, Remi Locherer wrote:
> On Thu, Dec 06, 2018 at 03:24:52PM +0100, Claudio Jeker wrote:
> > On Wed, Dec 05, 2018 at 11:53:48PM +0100, Remi Locherer wrote:
> > > On Wed, Dec 05, 2018 at 09:22:22AM +0100, Claudio Jeker wrote:
> > > > When parsing a network mask into prefixlen be more paranoid and make
> > > > sure
> > > > no value bigger then 128 is returned. In general this should never
> > > > happen
> > > > but if it does the result can be bad.
> > > >
> > > > This is for bgpd but there are other users in the tree. I will adjust
> > > > them
> > > > if we dicide to go this way.
> > > > --
> > > > :wq Claudio
> > > >
> > >
> > > makes sense to me.
> > >
> > > OK remi@
> > >
> >
> > Here the same diff against other users of mask2prefixlen6().
> > IIRC there are some other users with different function names which I need
> > to hunt down (unless someone else wants to do that job).
> >
> > Iked is a bit special since it returns 0 for non-contiguous netmasks.
> > Wonder if we should put a fatalx() there too - like in the other daemons.
>
> I think it should be fatalx() also for iked.
>
> Your diff looks good to me, OK remi@.
>
> Below the same diff for ospf6d. Feel free to commit it together with
> the rest.
>
Na, you can do that one :). OK claudio@
>
> cvs diff: Diffing .
> Index: util.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ospf6d/util.c,v
> retrieving revision 1.2
> diff -u -p -r1.2 util.c
> --- util.c 22 Oct 2012 07:28:49 -0000 1.2
> +++ util.c 6 Dec 2018 18:49:51 -0000
> @@ -91,7 +91,8 @@ clearscope(struct in6_addr *in6)
> u_int8_t
> mask2prefixlen(struct sockaddr_in6 *sa_in6)
> {
> - u_int8_t l = 0, *ap, *ep;
> + u_int8_t *ap, *ep;
> + u_int l = 0;
>
> /*
> * sin6_len is the size of the sockaddr so substract the offset of
> @@ -107,32 +108,35 @@ mask2prefixlen(struct sockaddr_in6 *sa_i
> break;
> case 0xfe:
> l += 7;
> - return (l);
> + goto done;
> case 0xfc:
> l += 6;
> - return (l);
> + goto done;
> case 0xf8:
> l += 5;
> - return (l);
> + goto done;
> case 0xf0:
> l += 4;
> - return (l);
> + goto done;
> case 0xe0:
> l += 3;
> - return (l);
> + goto done;
> case 0xc0:
> l += 2;
> - return (l);
> + goto done;
> case 0x80:
> l += 1;
> - return (l);
> + goto done;
> case 0x00:
> - return (l);
> + goto done;
> default:
> fatalx("non contiguous inet6 netmask");
> }
> }
>
> +done:
> + if (l > sizeof(struct in6_addr) * 8)
> + fatalx("%s: prefixlen %d out of bound", __func__, l);
> return (l);
> }
>
>
--
:wq Claudio
