From: Hans Dedecker Date: Mon, 2 Apr 2018 19:09:16 +0000 (+0200) Subject: ra: rework route information option handling X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ea189359a1f6ae0ef5fa10de49bad1b1709b7b9d;p=oweals%2Fodhcp6c.git ra: rework route information option handling Use struct icmpv6_opt_route_info to parse the route information option; improve route information option sanity checks. Signed-off-by: Hans Dedecker --- diff --git a/src/ra.c b/src/ra.c index 8492508..c1f3d03 100644 --- a/src/ra.c +++ b/src/ra.c @@ -410,15 +410,26 @@ bool ra_process(void) uint32_t *mtu = (uint32_t*)&opt->data[2]; ra_conf_mtu(ntohl(*mtu)); } else if (opt->type == ND_OPT_ROUTE_INFORMATION && opt->len <= 3) { + struct icmpv6_opt_route_info *ri = (struct icmpv6_opt_route_info *)opt; + + if (ri->prefix_len > 128) { + continue; + } else if (ri->prefix_len > 64) { + if (ri->len < 2) + continue; + } else if (ri->prefix_len > 0) { + if (ri->len < 1) + continue; + } + entry->router = from.sin6_addr; entry->target = any; - entry->priority = pref_to_priority(opt->data[1]); - entry->length = opt->data[0]; - uint32_t *valid = (uint32_t*)&opt->data[2]; - entry->valid = ntohl(*valid); - memcpy(&entry->target, &opt->data[6], (opt->len - 1) * 8); + entry->priority = pref_to_priority(ri->flags); + entry->length = ri->prefix_len; + entry->valid = ntohl(ri->lifetime); + memcpy(&entry->target, ri->prefix, (ri->len - 1) * 8); - if (entry->length > 128 || IN6_IS_ADDR_LINKLOCAL(&entry->target) + if (IN6_IS_ADDR_LINKLOCAL(&entry->target) || IN6_IS_ADDR_LOOPBACK(&entry->target) || IN6_IS_ADDR_MULTICAST(&entry->target)) continue; diff --git a/src/ra.h b/src/ra.h index e6f7ccb..9acc8cd 100644 --- a/src/ra.h +++ b/src/ra.h @@ -26,6 +26,15 @@ struct icmpv6_opt { uint8_t data[6]; }; +struct icmpv6_opt_route_info { + uint8_t type; + uint8_t len; + uint8_t prefix_len; + uint8_t flags; + uint32_t lifetime; + uint8_t prefix[]; +}; + #define ND_OPT_ROUTE_INFORMATION 24