git: 541c6c9d75c1 - stable/14 - ctld: Tighten parsing of IPv6 addresses for initiator-portal
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 27 Jan 2026 18:44:31 UTC
The branch stable/14 has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=541c6c9d75c15d94e60e944ee9fe70de3e5d6811
commit 541c6c9d75c15d94e60e944ee9fe70de3e5d6811
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2025-04-11 14:01:48 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2026-01-27 18:15:58 +0000
ctld: Tighten parsing of IPv6 addresses for initiator-portal
If an address starts with a [ character, require that it ends with a ]
character. Also, if an address starts with a [ character, assume it
is an IPv6 address.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D49647
(cherry picked from commit f3eb1514ce44aea5d288a74f34a0c6925ecd43ea)
---
usr.sbin/ctld/ctld.cc | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/usr.sbin/ctld/ctld.cc b/usr.sbin/ctld/ctld.cc
index 8a7a3c8b5a81..51983a42a8bf 100644
--- a/usr.sbin/ctld/ctld.cc
+++ b/usr.sbin/ctld/ctld.cc
@@ -320,14 +320,17 @@ auth_portal_new(struct auth_group *ag, const char *portal)
ap->ap_initiator_portal = checked_strdup(portal);
mask = str = checked_strdup(portal);
net = strsep(&mask, "/");
- if (net[0] == '[')
+ if (net[0] == '[') {
net++;
- len = strlen(net);
- if (len == 0)
- goto error;
- if (net[len - 1] == ']')
+ len = strlen(net);
+ if (len < 2)
+ goto error;
+ if (net[len - 1] != ']')
+ goto error;
net[len - 1] = 0;
- if (strchr(net, ':') != NULL) {
+ } else if (net[0] == '\0')
+ goto error;
+ if (str[0] == '[' || strchr(net, ':') != NULL) {
struct sockaddr_in6 *sin6 =
(struct sockaddr_in6 *)&ap->ap_sa;