From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 20 Feb 2019 09:36:17 +0000 (+0900)
Subject: network: check prefixlen when null address is specified to Address=
X-Git-Tag: v242-rc1~209^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9207ff3a4f548061f58d1b162078db12ac3f7f6;p=thirdparty%2Fsystemd.git

network: check prefixlen when null address is specified to Address=
---

diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index 7c1ee754052..b53461fd903 100644
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -761,6 +761,19 @@ int config_parse_address(const char *unit,
                 return 0;
         }
 
+        if (in_addr_is_null(f, &buffer)) {
+                /* Will use address from address pool. Note that for ipv6 case, prefix of the address
+                 * pool is 8, but 40 bit is used by the global ID and 16 bit by the subnet ID. So,
+                 * let's limit the prefix length to 64 or larger. See RFC4193. */
+                if ((f == AF_INET && prefixlen < 8) ||
+                    (f == AF_INET6 && prefixlen < 64)) {
+                        log_syntax(unit, LOG_ERR, filename, line, 0,
+                                   "Null address with invalid prefixlen='%u', ignoring assignment: %s",
+                                   prefixlen, rvalue);
+                        return 0;
+                }
+        }
+
         n->family = f;
         n->prefixlen = prefixlen;