From c295fba54676581dd88b30c7f40697f704ceb2e0 Mon Sep 17 00:00:00 2001 From: Andrew Zaborowski Date: Mon, 7 Jun 2021 23:26:27 +0200 Subject: [PATCH] ip-pool: Validate prefix lengths in used addresses Be paranoid and check that the prefix length in addresses from used_addr4_list are not zero (they shouldn't be) and that address family is AF_INET (it should be), mainly to quiet coverity warnings: While there also fix one line's indentation. --- src/ip-pool.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/ip-pool.c b/src/ip-pool.c index efc4fd18..6a05b05b 100644 --- a/src/ip-pool.c +++ b/src/ip-pool.c @@ -149,13 +149,19 @@ int ip_pool_select_addr4(const char **addr_str_list, uint8_t subnet_prefix_len, const struct ip_pool_addr4_record *rec = entry->data; struct ip_pool_addr4_range *range; char addr_str[INET_ADDRSTRLEN]; - uint32_t used_subnet_size = 1 << - (32 - l_rtnl_address_get_prefix_length(rec->addr)); + uint8_t used_prefix_len = + l_rtnl_address_get_prefix_length(rec->addr); + uint32_t used_subnet_size; - if (!l_rtnl_address_get_address(rec->addr, addr_str) || + if (l_rtnl_address_get_family(rec->addr) != AF_INET || + !l_rtnl_address_get_address(rec->addr, + addr_str) || + used_prefix_len < 1 || inet_pton(AF_INET, addr_str, &ia) != 1) continue; + used_subnet_size = 1 << (32 - used_prefix_len); + range = l_new(struct ip_pool_addr4_range, 1); range->start = ntohl(ia.s_addr) & subnet_mask; range->end = (range->start + used_subnet_size + subnet_size - @@ -216,7 +222,7 @@ check_avail: for (entry = l_queue_get_entries(ranges); entry; entry = entry->next) { struct ip_pool_addr4_range *range = entry->data; - total += (range->end - range->start) >> + total += (range->end - range->start) >> (32 - subnet_prefix_len); }