git: 59ee9260e6bb - main - ifconfig: reject netmask and broadcast for inet6
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 21 May 2025 05:48:34 UTC
The branch main has been updated by ivy:
URL: https://cgit.FreeBSD.org/src/commit/?id=59ee9260e6bbcc3b5654126eed6e9490315c81f1
commit 59ee9260e6bbcc3b5654126eed6e9490315c81f1
Author: Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-05-21 03:59:59 +0000
Commit: Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-05-21 05:46:17 +0000
ifconfig: reject netmask and broadcast for inet6
We don't support setting netmask or broadcast address for INET6
addresses, and trying to do crashes ifconfig. Handle this the
same way as af_link, by rejecting attempts to configure these
parameters.
PR: 286910
Reported by: Hayzam Sherif <hayzam@alchemilla.io>
MFC after: 3 days
Reviewed by: zlei, kevans, des, cy
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D50413
---
sbin/ifconfig/af_inet6.c | 5 +++
sbin/ifconfig/tests/Makefile | 7 ++--
sbin/ifconfig/tests/inet6.sh | 84 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 94 insertions(+), 2 deletions(-)
diff --git a/sbin/ifconfig/af_inet6.c b/sbin/ifconfig/af_inet6.c
index fcd04139a8c1..17dc068ee875 100644
--- a/sbin/ifconfig/af_inet6.c
+++ b/sbin/ifconfig/af_inet6.c
@@ -428,6 +428,11 @@ in6_getaddr(const char *addr_str, int which)
{
struct in6_px *px = sin6tab_nl[which];
+ if (which == MASK)
+ errx(1, "netmask: invalid option for inet6");
+ if (which == BRDADDR)
+ errx(1, "broadcast: invalid option for inet6");
+
px->set = true;
px->plen = 128;
if (which == ADDR) {
diff --git a/sbin/ifconfig/tests/Makefile b/sbin/ifconfig/tests/Makefile
index ff545f603085..e902f262552a 100644
--- a/sbin/ifconfig/tests/Makefile
+++ b/sbin/ifconfig/tests/Makefile
@@ -1,5 +1,8 @@
-NETBSD_ATF_TESTS_SH= nonexistent_test
+NETBSD_ATF_TESTS_SH= nonexistent_test
+ATF_TESTS_SH+= inet6
-.include <netbsd-tests.test.mk>
+TEST_METADATA+= execenv="jail"
+TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets"
+.include <netbsd-tests.test.mk>
.include <bsd.test.mk>
diff --git a/sbin/ifconfig/tests/inet6.sh b/sbin/ifconfig/tests/inet6.sh
new file mode 100644
index 000000000000..cf7f97e01d79
--- /dev/null
+++ b/sbin/ifconfig/tests/inet6.sh
@@ -0,0 +1,84 @@
+#! /bin/sh
+# SPDX-License-Identifier: ISC
+#
+# Copyright (c) 2025 Lexi Winter
+
+. $(atf_get_srcdir)/../../sys/common/vnet.subr
+
+# Bug 286910: adding 'netmask' or 'broadcast' to an IPv6 address crashed
+# ifconfig.
+
+atf_test_case "netmask" "cleanup"
+netmask_head()
+{
+ atf_set descr "Test invalid 'netmask' option"
+ atf_set require.user root
+}
+
+netmask_body()
+{
+ vnet_init
+
+ ep=$(vnet_mkepair)
+ vnet_mkjail ifcjail ${ep}a
+
+ # Add the address the wrong way
+ atf_check -s exit:1 \
+ -e match:"ifconfig: netmask: invalid option for inet6" \
+ jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64
+
+ # Add the address the correct way
+ atf_check -s exit:0 \
+ jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64
+ atf_check -s exit:0 -o match:"2001:db8:1::1 prefixlen 64" \
+ jexec ifcjail ifconfig ${ep}a
+
+ # Remove the address the wrong way
+ atf_check -s exit:1 \
+ -e match:"ifconfig: netmask: invalid option for inet6" \
+ jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64 -alias
+}
+
+netmask_cleanup()
+{
+ vnet_cleanup
+}
+
+atf_test_case "broadcast" "cleanup"
+broadcast_head()
+{
+ atf_set descr "Test invalid 'broadcast' option"
+ atf_set require.user root
+}
+
+broadcast_body()
+{
+ vnet_init
+
+ ep=$(vnet_mkepair)
+ vnet_mkjail ifcjail ${ep}a
+
+ atf_check -s exit:1 \
+ -e match:"ifconfig: broadcast: invalid option for inet6" \
+ jexec ifcjail ifconfig ${ep}a \
+ inet6 2001:db8:1::1 broadcast 2001:db8:1::ffff
+
+ atf_check -s exit:0 \
+ jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64
+
+ atf_check -s exit:1 \
+ -e match:"ifconfig: broadcast: invalid option for inet6" \
+ jexec ifcjail ifconfig ${ep}a \
+ inet6 2001:db8:1::1 broadcast 2001:db:1::ffff -alias
+}
+
+broadcast_cleanup()
+{
+ vnet_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case netmask
+ atf_add_test_case broadcast
+}