Date: Wed, 21 May 2025 05:48:34 GMT From: Lexi Winter <ivy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 59ee9260e6bb - main - ifconfig: reject netmask and broadcast for inet6 Message-ID: <202505210548.54L5mYMs022941@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by ivy: URL: https://cgit.FreeBSD.org/src/commit/?id=59ee9260e6bbcc3b5654126eed6e9490315c81f1 commit 59ee9260e6bbcc3b5654126eed6e9490315c81f1 Author: Lexi Winter <ivy@FreeBSD.org> AuthorDate: 2025-05-21 03:59:59 +0000 Commit: Lexi Winter <ivy@FreeBSD.org> CommitDate: 2025-05-21 05:46:17 +0000 ifconfig: reject netmask and broadcast for inet6 We don't support setting netmask or broadcast address for INET6 addresses, and trying to do crashes ifconfig. Handle this the same way as af_link, by rejecting attempts to configure these parameters. PR: 286910 Reported by: Hayzam Sherif <hayzam@alchemilla.io> MFC after: 3 days Reviewed by: zlei, kevans, des, cy Approved by: kevans (mentor) Differential Revision: https://reviews.freebsd.org/D50413 --- sbin/ifconfig/af_inet6.c | 5 +++ sbin/ifconfig/tests/Makefile | 7 ++-- sbin/ifconfig/tests/inet6.sh | 84 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+), 2 deletions(-) diff --git a/sbin/ifconfig/af_inet6.c b/sbin/ifconfig/af_inet6.c index fcd04139a8c1..17dc068ee875 100644 --- a/sbin/ifconfig/af_inet6.c +++ b/sbin/ifconfig/af_inet6.c @@ -428,6 +428,11 @@ in6_getaddr(const char *addr_str, int which) { struct in6_px *px = sin6tab_nl[which]; + if (which == MASK) + errx(1, "netmask: invalid option for inet6"); + if (which == BRDADDR) + errx(1, "broadcast: invalid option for inet6"); + px->set = true; px->plen = 128; if (which == ADDR) { diff --git a/sbin/ifconfig/tests/Makefile b/sbin/ifconfig/tests/Makefile index ff545f603085..e902f262552a 100644 --- a/sbin/ifconfig/tests/Makefile +++ b/sbin/ifconfig/tests/Makefile @@ -1,5 +1,8 @@ -NETBSD_ATF_TESTS_SH= nonexistent_test +NETBSD_ATF_TESTS_SH= nonexistent_test +ATF_TESTS_SH+= inet6 -.include <netbsd-tests.test.mk> +TEST_METADATA+= execenv="jail" +TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets" +.include <netbsd-tests.test.mk> .include <bsd.test.mk> diff --git a/sbin/ifconfig/tests/inet6.sh b/sbin/ifconfig/tests/inet6.sh new file mode 100644 index 000000000000..cf7f97e01d79 --- /dev/null +++ b/sbin/ifconfig/tests/inet6.sh @@ -0,0 +1,84 @@ +#! /bin/sh +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2025 Lexi Winter + +. $(atf_get_srcdir)/../../sys/common/vnet.subr + +# Bug 286910: adding 'netmask' or 'broadcast' to an IPv6 address crashed +# ifconfig. + +atf_test_case "netmask" "cleanup" +netmask_head() +{ + atf_set descr "Test invalid 'netmask' option" + atf_set require.user root +} + +netmask_body() +{ + vnet_init + + ep=$(vnet_mkepair) + vnet_mkjail ifcjail ${ep}a + + # Add the address the wrong way + atf_check -s exit:1 \ + -e match:"ifconfig: netmask: invalid option for inet6" \ + jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64 + + # Add the address the correct way + atf_check -s exit:0 \ + jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64 + atf_check -s exit:0 -o match:"2001:db8:1::1 prefixlen 64" \ + jexec ifcjail ifconfig ${ep}a + + # Remove the address the wrong way + atf_check -s exit:1 \ + -e match:"ifconfig: netmask: invalid option for inet6" \ + jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64 -alias +} + +netmask_cleanup() +{ + vnet_cleanup +} + +atf_test_case "broadcast" "cleanup" +broadcast_head() +{ + atf_set descr "Test invalid 'broadcast' option" + atf_set require.user root +} + +broadcast_body() +{ + vnet_init + + ep=$(vnet_mkepair) + vnet_mkjail ifcjail ${ep}a + + atf_check -s exit:1 \ + -e match:"ifconfig: broadcast: invalid option for inet6" \ + jexec ifcjail ifconfig ${ep}a \ + inet6 2001:db8:1::1 broadcast 2001:db8:1::ffff + + atf_check -s exit:0 \ + jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64 + + atf_check -s exit:1 \ + -e match:"ifconfig: broadcast: invalid option for inet6" \ + jexec ifcjail ifconfig ${ep}a \ + inet6 2001:db8:1::1 broadcast 2001:db:1::ffff -alias +} + +broadcast_cleanup() +{ + vnet_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case netmask + atf_add_test_case broadcast +}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202505210548.54L5mYMs022941>