Date: Sun, 1 Jun 2025 09:22:24 GMT From: Lexi Winter <ivy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: cf624ffa812c - stable/14 - ifconfig: reject netmask and broadcast for inet6 Message-ID: <202506010922.5519MOtk049214@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by ivy: URL: https://cgit.FreeBSD.org/src/commit/?id=cf624ffa812c90f8bd4b37f42488db1e782be883 commit cf624ffa812c90f8bd4b37f42488db1e782be883 Author: Lexi Winter <ivy@FreeBSD.org> AuthorDate: 2025-05-21 03:59:59 +0000 Commit: Lexi Winter <ivy@FreeBSD.org> CommitDate: 2025-06-01 09:14:52 +0000 ifconfig: reject netmask and broadcast for inet6 We don't support setting netmask or broadcast address for INET6 addresses, and trying to do crashes ifconfig. Handle this the same way as af_link, by rejecting attempts to configure these parameters. PR: 286910 Reported by: Hayzam Sherif <hayzam@alchemilla.io> MFC after: 3 days Reviewed by: zlei, kevans, des, cy Approved by: kevans (mentor) Differential Revision: https://reviews.freebsd.org/D50413 (cherry picked from commit 59ee9260e6bbcc3b5654126eed6e9490315c81f1) ifconfig tests: remove incorrect #! Fixes: 59ee9260e6bb ("ifconfig: reject netmask and broadcast for inet6") Reviewed by: des Differential Revision: https://reviews.freebsd.org/D50566 (cherry picked from commit 6ab70fbec4236a940275a42e301f76ade7faacbf) --- sbin/ifconfig/af_inet6.c | 5 +++ sbin/ifconfig/tests/Makefile | 6 ++-- sbin/ifconfig/tests/inet6.sh | 83 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 92 insertions(+), 2 deletions(-) diff --git a/sbin/ifconfig/af_inet6.c b/sbin/ifconfig/af_inet6.c index fcd04139a8c1..17dc068ee875 100644 --- a/sbin/ifconfig/af_inet6.c +++ b/sbin/ifconfig/af_inet6.c @@ -428,6 +428,11 @@ in6_getaddr(const char *addr_str, int which) { struct in6_px *px = sin6tab_nl[which]; + if (which == MASK) + errx(1, "netmask: invalid option for inet6"); + if (which == BRDADDR) + errx(1, "broadcast: invalid option for inet6"); + px->set = true; px->plen = 128; if (which == ADDR) { diff --git a/sbin/ifconfig/tests/Makefile b/sbin/ifconfig/tests/Makefile index 9b29983afc7c..e902f262552a 100644 --- a/sbin/ifconfig/tests/Makefile +++ b/sbin/ifconfig/tests/Makefile @@ -1,6 +1,8 @@ +NETBSD_ATF_TESTS_SH= nonexistent_test +ATF_TESTS_SH+= inet6 -NETBSD_ATF_TESTS_SH= nonexistent_test +TEST_METADATA+= execenv="jail" +TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets" .include <netbsd-tests.test.mk> - .include <bsd.test.mk> diff --git a/sbin/ifconfig/tests/inet6.sh b/sbin/ifconfig/tests/inet6.sh new file mode 100644 index 000000000000..edfd88d93af7 --- /dev/null +++ b/sbin/ifconfig/tests/inet6.sh @@ -0,0 +1,83 @@ +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2025 Lexi Winter + +. $(atf_get_srcdir)/../../sys/common/vnet.subr + +# Bug 286910: adding 'netmask' or 'broadcast' to an IPv6 address crashed +# ifconfig. + +atf_test_case "netmask" "cleanup" +netmask_head() +{ + atf_set descr "Test invalid 'netmask' option" + atf_set require.user root +} + +netmask_body() +{ + vnet_init + + ep=$(vnet_mkepair) + vnet_mkjail ifcjail ${ep}a + + # Add the address the wrong way + atf_check -s exit:1 \ + -e match:"ifconfig: netmask: invalid option for inet6" \ + jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64 + + # Add the address the correct way + atf_check -s exit:0 \ + jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64 + atf_check -s exit:0 -o match:"2001:db8:1::1 prefixlen 64" \ + jexec ifcjail ifconfig ${ep}a + + # Remove the address the wrong way + atf_check -s exit:1 \ + -e match:"ifconfig: netmask: invalid option for inet6" \ + jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64 -alias +} + +netmask_cleanup() +{ + vnet_cleanup +} + +atf_test_case "broadcast" "cleanup" +broadcast_head() +{ + atf_set descr "Test invalid 'broadcast' option" + atf_set require.user root +} + +broadcast_body() +{ + vnet_init + + ep=$(vnet_mkepair) + vnet_mkjail ifcjail ${ep}a + + atf_check -s exit:1 \ + -e match:"ifconfig: broadcast: invalid option for inet6" \ + jexec ifcjail ifconfig ${ep}a \ + inet6 2001:db8:1::1 broadcast 2001:db8:1::ffff + + atf_check -s exit:0 \ + jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64 + + atf_check -s exit:1 \ + -e match:"ifconfig: broadcast: invalid option for inet6" \ + jexec ifcjail ifconfig ${ep}a \ + inet6 2001:db8:1::1 broadcast 2001:db:1::ffff -alias +} + +broadcast_cleanup() +{ + vnet_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case netmask + atf_add_test_case broadcast +}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506010922.5519MOtk049214>