git: cf624ffa812c - stable/14 - ifconfig: reject netmask and broadcast for inet6

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Lexi Winter <ivy_at_FreeBSD.org>
Date: Sun, 01 Jun 2025 09:22:24 UTC
The branch stable/14 has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=cf624ffa812c90f8bd4b37f42488db1e782be883

commit cf624ffa812c90f8bd4b37f42488db1e782be883
Author:     Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-05-21 03:59:59 +0000
Commit:     Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-06-01 09:14:52 +0000

    ifconfig: reject netmask and broadcast for inet6
    
    We don't support setting netmask or broadcast address for INET6
    addresses, and trying to do crashes ifconfig.  Handle this the
    same way as af_link, by rejecting attempts to configure these
    parameters.
    
    PR:     286910
    Reported by:    Hayzam Sherif <hayzam@alchemilla.io>
    MFC after:      3 days
    Reviewed by:    zlei, kevans, des, cy
    Approved by:    kevans (mentor)
    Differential Revision:  https://reviews.freebsd.org/D50413
    
    (cherry picked from commit 59ee9260e6bbcc3b5654126eed6e9490315c81f1)
    
    ifconfig tests: remove incorrect #!
    
    Fixes: 59ee9260e6bb ("ifconfig: reject netmask and broadcast for inet6")
    
    Reviewed by:    des
    Differential Revision:  https://reviews.freebsd.org/D50566
    
    (cherry picked from commit 6ab70fbec4236a940275a42e301f76ade7faacbf)
---
 sbin/ifconfig/af_inet6.c     |  5 +++
 sbin/ifconfig/tests/Makefile |  6 ++--
 sbin/ifconfig/tests/inet6.sh | 83 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 92 insertions(+), 2 deletions(-)

diff --git a/sbin/ifconfig/af_inet6.c b/sbin/ifconfig/af_inet6.c
index fcd04139a8c1..17dc068ee875 100644
--- a/sbin/ifconfig/af_inet6.c
+++ b/sbin/ifconfig/af_inet6.c
@@ -428,6 +428,11 @@ in6_getaddr(const char *addr_str, int which)
 {
         struct in6_px *px = sin6tab_nl[which];
 
+	if (which == MASK)
+		errx(1, "netmask: invalid option for inet6");
+	if (which == BRDADDR)
+		errx(1, "broadcast: invalid option for inet6");
+
         px->set = true;
         px->plen = 128;
         if (which == ADDR) {
diff --git a/sbin/ifconfig/tests/Makefile b/sbin/ifconfig/tests/Makefile
index 9b29983afc7c..e902f262552a 100644
--- a/sbin/ifconfig/tests/Makefile
+++ b/sbin/ifconfig/tests/Makefile
@@ -1,6 +1,8 @@
+NETBSD_ATF_TESTS_SH=	nonexistent_test
+ATF_TESTS_SH+=		inet6
 
-NETBSD_ATF_TESTS_SH=		nonexistent_test
+TEST_METADATA+=	execenv="jail"
+TEST_METADATA+=	execenv_jail_params="vnet allow.raw_sockets"
 
 .include <netbsd-tests.test.mk>
-
 .include <bsd.test.mk>
diff --git a/sbin/ifconfig/tests/inet6.sh b/sbin/ifconfig/tests/inet6.sh
new file mode 100644
index 000000000000..edfd88d93af7
--- /dev/null
+++ b/sbin/ifconfig/tests/inet6.sh
@@ -0,0 +1,83 @@
+# SPDX-License-Identifier: ISC
+#
+# Copyright (c) 2025 Lexi Winter
+
+. $(atf_get_srcdir)/../../sys/common/vnet.subr
+
+# Bug 286910: adding 'netmask' or 'broadcast' to an IPv6 address crashed
+# ifconfig.
+
+atf_test_case "netmask" "cleanup"
+netmask_head()
+{
+	atf_set descr "Test invalid 'netmask' option"
+	atf_set require.user root
+}
+
+netmask_body()
+{
+	vnet_init
+
+	ep=$(vnet_mkepair)
+	vnet_mkjail ifcjail ${ep}a
+
+	# Add the address the wrong way
+	atf_check -s exit:1 \
+	    -e match:"ifconfig: netmask: invalid option for inet6" \
+	    jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64
+
+	# Add the address the correct way
+	atf_check -s exit:0 \
+	    jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64
+	atf_check -s exit:0 -o match:"2001:db8:1::1 prefixlen 64" \
+	    jexec ifcjail ifconfig ${ep}a
+
+	# Remove the address the wrong way
+	atf_check -s exit:1 \
+	    -e match:"ifconfig: netmask: invalid option for inet6" \
+	    jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64 -alias
+}
+
+netmask_cleanup()
+{
+	vnet_cleanup
+}
+
+atf_test_case "broadcast" "cleanup"
+broadcast_head()
+{
+	atf_set descr "Test invalid 'broadcast' option"
+	atf_set require.user root
+}
+
+broadcast_body()
+{
+	vnet_init
+
+	ep=$(vnet_mkepair)
+	vnet_mkjail ifcjail ${ep}a
+
+	atf_check -s exit:1 \
+	    -e match:"ifconfig: broadcast: invalid option for inet6" \
+	    jexec ifcjail ifconfig ${ep}a \
+	        inet6 2001:db8:1::1 broadcast 2001:db8:1::ffff
+
+	atf_check -s exit:0 \
+	    jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64
+
+	atf_check -s exit:1 \
+	    -e match:"ifconfig: broadcast: invalid option for inet6" \
+	    jexec ifcjail ifconfig ${ep}a \
+	        inet6 2001:db8:1::1 broadcast 2001:db:1::ffff -alias
+}
+
+broadcast_cleanup()
+{
+	vnet_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case netmask
+	atf_add_test_case broadcast
+}