From ab777749db3860d2a2cc1ae4c182144add5760d7 Mon Sep 17 00:00:00 2001 From: Thomas Markwalder Date: Mon, 12 Jun 2017 10:34:36 -0400 Subject: [master] Server now handles prefix/pool prefix length mismatches Merged in 35378. --- RELNOTES | 11 +++++++++++ server/confpars.c | 11 +++++++---- server/dhcpv6.c | 18 ++++++++---------- 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/RELNOTES b/RELNOTES index ee0caca7..bfd2fffd 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1064,6 +1064,17 @@ by Eric Young (eay@cryptsoft.com). the issue to our attention. [ISC-Bugs #41976] +- The server nows checks both the address and length of a prefix delegation + when attempting to match it to a prefix pool. This ensures the server + responds properly when pool configurations change such that once valid, + "in-pool" delegations are now treated as being invalid. During lease + file loading at startup, the server will discard any PD leases that + are deemed "out-of-pool" either by address or mis-matched prefix length. + Clients seeking to renew or rebind such leases will get a response of + No Binding in the case of the former, and the prefix delegation with + lifetimes set to zero in the case of the latter. + [ISC-Bugs #35378] + Changes since 4.2.0 (new features) - If a client renews before 'dhcp-cache-threshold' percent of its lease diff --git a/server/confpars.c b/server/confpars.c index d2714516..97e2990a 100644 --- a/server/confpars.c +++ b/server/confpars.c @@ -5974,13 +5974,16 @@ parse_ia_pd_declaration(struct parse *cfile) { executable_statement_dereference (&on_star[i], MDL); } - /* find the pool this address is in */ + /* Find the pool this address is in. We need to check prefix + * lengths too in case the pool has been reconfigured. */ pool = NULL; - if (find_ipv6_pool(&pool, D6O_IA_PD, - &iapref->addr) != ISC_R_SUCCESS) { + if ((find_ipv6_pool(&pool, D6O_IA_PD, + &iapref->addr) != ISC_R_SUCCESS) || + (pool->units != iapref->plen)) { inet_ntop(AF_INET6, &iapref->addr, addr_buf, sizeof(addr_buf)); - log_error("No pool found for prefix %s", addr_buf); + log_error("No pool found for prefix %s/%d", addr_buf, + iapref->plen); iasubopt_dereference(&iapref, MDL); continue; } diff --git a/server/dhcpv6.c b/server/dhcpv6.c index a8bae63c..2ecc23b6 100644 --- a/server/dhcpv6.c +++ b/server/dhcpv6.c @@ -1437,22 +1437,25 @@ try_client_v6_prefix(struct iasubopt **pref, if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) { return DHCP_R_INVALIDARG; } + tmp_plen = (int) requested_pref->data[0]; - if ((tmp_plen < 3) || (tmp_plen > 128) || - ((int)tmp_plen != pool->units)) { + if ((tmp_plen < 3) || (tmp_plen > 128)) { return ISC_R_FAILURE; } + memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref)); if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) { return ISC_R_FAILURE; } + ia.len = 16; memcpy(&ia.iabuf, &tmp_pref, 16); if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) { return ISC_R_FAILURE; } - if (!ipv6_in_pool(&tmp_pref, pool)) { + if (!ipv6_in_pool(&tmp_pref, pool) || + ((int)tmp_plen != pool->units)) { return ISC_R_ADDRNOTAVAIL; } @@ -1464,6 +1467,7 @@ try_client_v6_prefix(struct iasubopt **pref, if (result != ISC_R_SUCCESS) { return result; } + (*pref)->addr = tmp_pref; (*pref)->plen = tmp_plen; @@ -1472,6 +1476,7 @@ try_client_v6_prefix(struct iasubopt **pref, if (result != ISC_R_SUCCESS) { iasubopt_dereference(pref, MDL); } + return result; } @@ -1688,13 +1693,6 @@ eval_prefix_mode(int len, int preflen, int prefix_mode) { break; } -#if defined (DEBUG) - log_debug("eval_prefix_mode: " - "len %d, preflen %d, mode %s, use_it %d", - len, preflen, - prefix_length_modes.values[prefix_mode].name, use_it); -#endif - return (use_it); } -- cgit v1.2.1