Date: Mon, 15 Jan 2024 21:15:26 GMT
Message-Id: <202401152115.40FLFQtk000117@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mike Karels
Subject: git: b9e8ae1d8a42 - main - route: error on IPv4 network routes with incorrect destination
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-Git-Committer: karels
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: b9e8ae1d8a424194b4e185359da4ded163f24f4e
Auto-Submitted: auto-generated

The branch main has been updated by karels:

URL: https://cgit.FreeBSD.org/src/commit/?id=b9e8ae1d8a424194b4e185359da4ded163f24f4e

commit b9e8ae1d8a424194b4e185359da4ded163f24f4e
Author:     Mike Karels
AuthorDate: 2024-01-15 21:14:54 +0000
Commit:     Mike Karels
CommitDate: 2024-01-15 21:14:54 +0000

    route: error on IPv4 network routes with incorrect destination

    Route destinations like 10/8 are most likely intended as a shorthand
    for 10.0.0.0/8, but instead it means 0.0.0.10/8, which includes only
    bits in the host part of the mask, and hence adds a route to 0.0.0.0/8.

    In 12.x, there was code to "do what I mean", which was removed as part
    of a cleanup of old network class remnants.  Given that we have gone
    this long without that code, do not restore that behavior.

    Instead, detect the issue and produce an error.  Specifically, if
    there are no dots in a numeric IPv4 address, the mask is specified
    with CIDR notation (using a slash), and there are bits set in the
    host part, produce an error like this for 10/8:

        route: malformed address, bits set after mask; 10 means 0.0.0.10

    PR:             258874
    MFC after:      1 week
    Reviewed by:    melifaro, emaste
    Differential Revision: https://reviews.freebsd.org/D43384
---
 sbin/route/route.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sbin/route/route.c b/sbin/route/route.c index c39a13b252bb..03844308fe84 100644 --- a/sbin/route/route.c +++ b/sbin/route/route.c @@ -1329,6 +1329,9 @@ getaddr(int idx, char *str, int nrflags) q = strchr(str,'/'); if (q != NULL && idx == RTAX_DST) { /* A.B.C.D/NUM */ + struct sockaddr_in *mask; + uint32_t mask_bits; + *q = '\0'; if (inet_aton(str, &sin->sin_addr) == 0) errx(EX_NOHOST, "bad address: %s", str); @@ -1338,6 +1341,20 @@ getaddr(int idx, char *str, int nrflags) errx(EX_NOHOST, "bad mask length: %s", q + 1); inet_makemask((struct sockaddr_in *)&so[RTAX_NETMASK],masklen); + + /* + * Check for bogus destination such as "10/8"; heuristic is + * that there are bits set in the host part, and no dot + * is present. + */ + mask = ((struct sockaddr_in *) &so[RTAX_NETMASK]); + mask_bits = ntohl(mask->sin_addr.s_addr); + if ((ntohl(sin->sin_addr.s_addr) & ~mask_bits) != 0 && + strchr(str, '.') == NULL) + errx(EX_NOHOST, + "malformed address, bits set after mask;" + " %s means %s", + str, inet_ntoa(sin->sin_addr)); return (0); } if (inet_aton(str, &sin->sin_addr) != 0)
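
Review bot: In the first hunk (@@ -1329), the new mask pointer exists only to repeat the cast (struct sockaddr_in *)&so[RTAX_NETMASK] that the unchanged inet_makemask() call in the same block already spells out. Assigning mask before that call and passing it to inet_makemask() would leave a single cast and make it obvious that the mask being built and the mask being tested are the same sockaddr.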
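
Review bot: In the second hunk (@@ -1338), the strchr(str, '.') == NULL condition restricts the new error to dotless input, so a destination that contains a dot but still has host bits set is accepted without a diagnostic. inet_aton() also takes two- and three-part forms, so 192.168/16 parses as 192.0.0.168, has bits set after the /16 mask, and passes this check unreported. Either drop the dot test and reject any destination with bits outside the mask, or extend the comment to say why dotted input is deliberately exempt. The diffstat shows only route.c changing, so the new "malformed address, bits set after mask" error is also not described in the manual page.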