diff options
author | Thomas Markwalder <tmark@isc.org> | 2017-06-12 10:34:36 -0400 |
---|---|---|
committer | Thomas Markwalder <tmark@isc.org> | 2017-06-12 10:34:36 -0400 |
commit | ab777749db3860d2a2cc1ae4c182144add5760d7 (patch) | |
tree | 1ee0db1677b66305876dfce72b63d784f2b04b8f /server | |
parent | c0415c056547c5f6daf262c27f8ddd8a5f126cfa (diff) | |
download | isc-dhcp-ab777749db3860d2a2cc1ae4c182144add5760d7.tar.gz |
[master] Server now handles prefix/pool prefix length mismatches
Merged in 35378.
Diffstat (limited to 'server')
-rw-r--r-- | server/confpars.c | 11 | ||||
-rw-r--r-- | server/dhcpv6.c | 18 |
2 files changed, 15 insertions, 14 deletions
diff --git a/server/confpars.c b/server/confpars.c index d2714516..97e2990a 100644 --- a/server/confpars.c +++ b/server/confpars.c @@ -5974,13 +5974,16 @@ parse_ia_pd_declaration(struct parse *cfile) { executable_statement_dereference (&on_star[i], MDL); } - /* find the pool this address is in */ + /* Find the pool this address is in. We need to check prefix + * lengths too in case the pool has been reconfigured. */ pool = NULL; - if (find_ipv6_pool(&pool, D6O_IA_PD, - &iapref->addr) != ISC_R_SUCCESS) { + if ((find_ipv6_pool(&pool, D6O_IA_PD, + &iapref->addr) != ISC_R_SUCCESS) || + (pool->units != iapref->plen)) { inet_ntop(AF_INET6, &iapref->addr, addr_buf, sizeof(addr_buf)); - log_error("No pool found for prefix %s", addr_buf); + log_error("No pool found for prefix %s/%d", addr_buf, + iapref->plen); iasubopt_dereference(&iapref, MDL); continue; } diff --git a/server/dhcpv6.c b/server/dhcpv6.c index a8bae63c..2ecc23b6 100644 --- a/server/dhcpv6.c +++ b/server/dhcpv6.c @@ -1437,22 +1437,25 @@ try_client_v6_prefix(struct iasubopt **pref, if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) { return DHCP_R_INVALIDARG; } + tmp_plen = (int) requested_pref->data[0]; - if ((tmp_plen < 3) || (tmp_plen > 128) || - ((int)tmp_plen != pool->units)) { + if ((tmp_plen < 3) || (tmp_plen > 128)) { return ISC_R_FAILURE; } + memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref)); if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) { return ISC_R_FAILURE; } + ia.len = 16; memcpy(&ia.iabuf, &tmp_pref, 16); if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) { return ISC_R_FAILURE; } - if (!ipv6_in_pool(&tmp_pref, pool)) { + if (!ipv6_in_pool(&tmp_pref, pool) || + ((int)tmp_plen != pool->units)) { return ISC_R_ADDRNOTAVAIL; } @@ -1464,6 +1467,7 @@ try_client_v6_prefix(struct iasubopt **pref, if (result != ISC_R_SUCCESS) { return result; } + (*pref)->addr = tmp_pref; (*pref)->plen = tmp_plen; @@ -1472,6 +1476,7 @@ try_client_v6_prefix(struct iasubopt **pref, if (result != ISC_R_SUCCESS) { iasubopt_dereference(pref, MDL); } + return result; } @@ -1688,13 +1693,6 @@ eval_prefix_mode(int len, int preflen, int prefix_mode) { break; } -#if defined (DEBUG) - log_debug("eval_prefix_mode: " - "len %d, preflen %d, mode %s, use_it %d", - len, preflen, - prefix_length_modes.values[prefix_mode].name, use_it); -#endif - return (use_it); } |