network: check prefixlen when null address is specified to Address=

diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index 7c1ee754052ccb49066631ce7459274950727830..b53461fd903ee828731d8bba579c726ed974e4f0 100644 (file)
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -761,6 +761,19 @@ int config_parse_address(const char *unit,
                 return 0;
         }
 
+        if (in_addr_is_null(f, &buffer)) {
+                /* Will use address from address pool. Note that for ipv6 case, prefix of the address
+                 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
+                 * let's limit the prefix length to 64 or larger. See RFC4193. */
+                if ((f == AF_INET && prefixlen < 8) ||
+                    (f == AF_INET6 && prefixlen < 64)) {
+                        log_syntax(unit, LOG_ERR, filename, line, 0,
+                                   "Null address with invalid prefixlen='%u', ignoring assignment: %s",
+                                   prefixlen, rvalue);
+                        return 0;
+                }
+        }
+
         n->family = f;
         n->prefixlen = prefixlen;