7:26 a.m.
At the end of ip_pool_select_addr4() we'd check if the selected address
is equal to the subnet address and increment it by 1 to produce a valid
host address for the AP. That check was always correct only with 24-bit
prefix, extend it to actually use the prefix-dependent mask instead of
0xff. Fixes a testAP failure triggered 50% of the times because the
netmask is 28 bit long there.
---
src/ip-pool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ip-pool.c b/src/ip-pool.c
index 42c96bb4..e3f02d5e 100644
--- a/src/ip-pool.c
+++ b/src/ip-pool.c
@@ -236,7 +236,7 @@ check_avail:
selected -= count;
}
- if ((host_addr & 0xff) == 0)
+ if ((host_addr & host_mask) == 0)
host_addr += 1;
done:
--
2.30.2
7:26 a.m.
New subject: [PATCH 2/2] ip-pool: Validate prefix lengths in used addresses
Be paranoid and check that the prefix length in addresses from
used_addr4_list are not zero (they shouldn't be) and that address family
is AF_INET (it should be), mainly to quiet coverity warnings:
>> CID 370881: Integer handling issues (BAD_SHIFT)
>> In expression "1 << 32 -
l_rtnl_address_get_prefix_length(rec->addr)", left shifting by more than 31 bits
has undefined behavior. The shift amount, "32 -
l_rtnl_address_get_prefix_length(rec->addr)", is 32.
151
uint32_t used_subnet_size = 1 <<
152 (32 - l_rtnl_address_get_prefix_length(rec->addr));
>> CID 370878: Memory - corruptions (OVERRUN)
>> Overrunning array "addr_str" of 16 bytes by passing it to a
function which accesses it at byte offset 45.
154 if
(!l_rtnl_address_get_address(rec->addr, addr_str) ||
While there also fix one line's indentation.
---
src/ip-pool.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/ip-pool.c b/src/ip-pool.c
index e3f02d5e..fc0bf6d7 100644
--- a/src/ip-pool.c
+++ b/src/ip-pool.c
@@ -148,13 +148,19 @@ int ip_pool_select_addr4(const char **addr_str_list, uint8_t
subnet_prefix_len,
const struct ip_pool_addr4_record *rec = entry->data;
struct ip_pool_addr4_range *range;
char addr_str[INET_ADDRSTRLEN];
- uint32_t used_subnet_size = 1 <<
- (32 - l_rtnl_address_get_prefix_length(rec->addr));
-
- if (!l_rtnl_address_get_address(rec->addr, addr_str) ||
+ uint8_t used_prefix_len =
+ l_rtnl_address_get_prefix_length(rec->addr);
+ uint32_t used_subnet_size;
+
+ if (l_rtnl_address_get_family(rec->addr) != AF_INET ||
+ !l_rtnl_address_get_address(rec->addr,
+ addr_str) ||
+ used_prefix_len < 1 ||
inet_pton(AF_INET, addr_str, &ia) != 1)
continue;
+ used_subnet_size = 1 << (32 - used_prefix_len);
+
range = l_new(struct ip_pool_addr4_range, 1);
range->start = ntohl(ia.s_addr) & subnet_mask;
range->end = (range->start + used_subnet_size + subnet_size -
@@ -215,7 +221,7 @@ check_avail:
for (entry = l_queue_get_entries(ranges); entry; entry = entry->next) {
struct ip_pool_addr4_range *range = entry->data;
- total += (range->end - range->start) >>
+ total += (range->end - range->start) >>
(32 - subnet_prefix_len);
}
--
2.30.2
468
days inactive
468
days old
1 comments
1 participants
participants (1)
-
Andrew Zaborowski