From: Yu Watanabe Date: Sun, 17 Apr 2022 00:19:26 +0000 (+0900) Subject: network: tunnel: handle null address as "any" X-Git-Tag: v251-rc2~112^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96d96ec4e77e4c80875c173ce4819bb6888a4005;p=thirdparty%2Fsystemd.git network: tunnel: handle null address as "any" Fixes oss-fuzz#44881 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44881). Fixes #23098. --- diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c index 3ba4484b6b2..747acb1e809 100644 --- a/src/network/netdev/tunnel.c +++ b/src/network/netdev/tunnel.c @@ -7,6 +7,7 @@ #include #include +#include "af-list.h" #include "conf-parser.h" #include "hexdecoct.h" #include "missing_network.h" @@ -737,6 +738,20 @@ static int netdev_tunnel_verify(NetDev *netdev, const char *filename) { return 0; } +static int unset_local(Tunnel *t) { + assert(t); + + /* Unset the previous assignment. */ + t->local = IN_ADDR_NULL; + t->local_type = _NETDEV_LOCAL_ADDRESS_TYPE_INVALID; + + /* If the remote address is not specified, also clear the address family. */ + if (!in_addr_is_set(t->family, &t->remote)) + t->family = AF_UNSPEC; + + return 0; +} + int config_parse_tunnel_local_address( const char *unit, const char *filename, @@ -759,16 +774,8 @@ int config_parse_tunnel_local_address( assert(rvalue); assert(userdata); - if (isempty(rvalue) || streq(rvalue, "any")) { - /* Unset the previous assignment. */ - t->local = IN_ADDR_NULL; - t->local_type = _NETDEV_LOCAL_ADDRESS_TYPE_INVALID; - - /* If the remote address is not specified, also clear the address family. */ - if (!in_addr_is_set(t->family, &t->remote)) - t->family = AF_UNSPEC; - return 0; - } + if (isempty(rvalue) || streq(rvalue, "any")) + return unset_local(t); type = netdev_local_address_type_from_string(rvalue); if (IN_SET(type, NETDEV_LOCAL_ADDRESS_IPV4LL, NETDEV_LOCAL_ADDRESS_DHCP4)) @@ -783,6 +790,9 @@ int config_parse_tunnel_local_address( "Tunnel address \"%s\" invalid, ignoring assignment: %m", rvalue); return 0; } + + if (in_addr_is_null(f, &buffer)) + return unset_local(t); } if (t->family != AF_UNSPEC && t->family != f) { @@ -797,6 +807,20 @@ int config_parse_tunnel_local_address( return 0; } +static int unset_remote(Tunnel *t) { + assert(t); + + /* Unset the previous assignment. */ + t->remote = IN_ADDR_NULL; + + /* If the local address is not specified, also clear the address family. */ + if (t->local_type == _NETDEV_LOCAL_ADDRESS_TYPE_INVALID && + !in_addr_is_set(t->family, &t->local)) + t->family = AF_UNSPEC; + + return 0; +} + int config_parse_tunnel_remote_address( const char *unit, const char *filename, @@ -818,16 +842,8 @@ int config_parse_tunnel_remote_address( assert(rvalue); assert(userdata); - if (isempty(rvalue) || streq(rvalue, "any")) { - /* Unset the previous assignment. */ - t->remote = IN_ADDR_NULL; - - /* If the local address is not specified, also clear the address family. */ - if (t->local_type == _NETDEV_LOCAL_ADDRESS_TYPE_INVALID && - !in_addr_is_set(t->family, &t->local)) - t->family = AF_UNSPEC; - return 0; - } + if (isempty(rvalue) || streq(rvalue, "any")) + return unset_remote(t); r = in_addr_from_string_auto(rvalue, &f, &buffer); if (r < 0) { @@ -836,6 +852,9 @@ int config_parse_tunnel_remote_address( return 0; } + if (in_addr_is_null(f, &buffer)) + return unset_remote(t); + if (t->family != AF_UNSPEC && t->family != f) { log_syntax(unit, LOG_WARNING, filename, line, 0, "Address family does not match the previous assignment, ignoring assignment: %s", rvalue); diff --git a/test/fuzz/fuzz-netdev-parser/clusterfuzz-testcase-minimized-fuzz-netdev-parser-4697395387039744 b/test/fuzz/fuzz-netdev-parser/clusterfuzz-testcase-minimized-fuzz-netdev-parser-4697395387039744 new file mode 100644 index 00000000000..d2de7fb1875 Binary files /dev/null and b/test/fuzz/fuzz-netdev-parser/clusterfuzz-testcase-minimized-fuzz-netdev-parser-4697395387039744 differ