]> git.ipfire.org Git - thirdparty/systemd.git/commit
dhcp6: reject IA_PD_PREFIX with invalid prefix length 42736/head
authorLuca Boccassi <luca.boccassi@gmail.com>
Wed, 24 Jun 2026 12:20:56 +0000 (13:20 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Thu, 25 Jun 2026 09:16:26 +0000 (10:16 +0100)
commitf98629421b673f5d4cb8206a9dc14b6f1855a9f3
treee720b20d7388181861b39aeae4c5d4ec9d99d76a
parenta762c92a7c68e94a131209e9a01b2c51d82416b2
dhcp6: reject IA_PD_PREFIX with invalid prefix length

dhcp6_option_parse_ia_pdprefix() validates the lifetimes but never the
prefixlen byte, so a delegated prefix with prefixlen == 0 or > 128 is
stored in the lease and handed over.

RFC 8415 defines the prefix length as 1 to 128, and the send-side
option_append_pd_prefix() already rejects 0, so reject the out-of-range
values on the receive path too.

Follow-up for f8ad4dd45d761d839de49ddff9d7fbf46892c148
src/libsystemd-network/dhcp6-option.c
src/libsystemd-network/test-dhcp6-client.c