Date: Mon, 22 Jan 2024 16:42:41 GMT
Message-Id: <202401221642.40MGgfS5036351@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mike Karels
Subject: git: 7e88d8fec4e8 - stable/14 - route: error on IPv4 network routes with incorrect destination
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: karels
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 7e88d8fec4e8adc258378c7a68adf6cef1da8ad4

The branch stable/14 has been updated by karels:

URL: https://cgit.FreeBSD.org/src/commit/?id=7e88d8fec4e8adc258378c7a68adf6cef1da8ad4

commit 7e88d8fec4e8adc258378c7a68adf6cef1da8ad4
Author:     Mike Karels
AuthorDate: 2024-01-15 21:14:54 +0000
Commit:     Mike Karels
CommitDate: 2024-01-22 16:42:16 +0000

route: error on IPv4 network routes with incorrect destination

Route destinations like 10/8 are most likely intended as a shorthand
for 10.0.0.0/8, but instead it means 0.0.0.10/8, which includes only
bits in the host part of the mask, and hence adds a route to 0.0.0.0/8.
In 12.x, there was code to "do what I mean", which was removed as part
of a cleanup of old network class remnants. Given that we have gone
this long without that code, do not restore that behavior. Instead,
detect the issue and produce an error.

Specifically, if there are no dots in a numeric IPv4 address, the mask is specified with CIDR notation (using a slash), and there are bits set in the host part, produce an error like this for 10/8: route: malformed address, bits set after mask; 10 means 0.0.0.10 PR: 258874 Reviewed by: melifaro, emaste Differential Revision: https://reviews.freebsd.org/D43384 (cherry picked from commit b9e8ae1d8a424194b4e185359da4ded163f24f4e) --- sbin/route/route.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/sbin/route/route.c b/sbin/route/route.c index 3913bdc9e6af..7cf2bf842559 100644 --- a/sbin/route/route.c +++ b/sbin/route/route.c @@ -1342,6 +1342,9 @@ getaddr(int idx, char *str, int nrflags) q = strchr(str,'/'); if (q != NULL && idx == RTAX_DST) { /* A.B.C.D/NUM */ + struct sockaddr_in *mask; + uint32_t mask_bits; + *q = '\0'; if (inet_aton(str, &sin->sin_addr) == 0) errx(EX_NOHOST, "bad address: %s", str); @@ -1351,6 +1354,20 @@ getaddr(int idx, char *str, int nrflags) errx(EX_NOHOST, "bad mask length: %s", q + 1); inet_makemask((struct sockaddr_in *)&so[RTAX_NETMASK],masklen); + + /* + * Check for bogus destination such as "10/8"; heuristic is + * that there are bits set in the host part, and no dot + * is present. + */ + mask = ((struct sockaddr_in *) &so[RTAX_NETMASK]); + mask_bits = ntohl(mask->sin_addr.s_addr); + if ((ntohl(sin->sin_addr.s_addr) & ~mask_bits) != 0 && + strchr(str, '.') == NULL) + errx(EX_NOHOST, + "malformed address, bits set after mask;" + " %s means %s", + str, inet_ntoa(sin->sin_addr)); return (0); } if (inet_aton(str, &sin->sin_addr) != 0)
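
Review bot: in the first hunk (@@ -1342), `mask` is declared without an initializer and only assigned in the second hunk, using the same cast that the existing inet_makemask() call already spells out, so `(struct sockaddr_in *)&so[RTAX_NETMASK]` now appears twice within a few lines. Consider initializing `mask` where it is declared and passing it to inet_makemask(), which leaves a single place where the netmask slot is cast and makes it obvious that the check reads the mask that was just built.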
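
Review bot: in the second hunk (@@ -1351), the test `(ntohl(sin->sin_addr.s_addr) & ~mask_bits) != 0` cannot fire when the prefix length leaves no host bits, so a dotless destination such as 10/32 is still accepted and installed as 0.0.0.10/32 (this assumes inet_makemask() yields an all-ones mask for a length of 32; its body is not shown here). If that case is deliberately out of scope, the comment above the check should say the heuristic only covers prefixes shorter than the address; otherwise the dotless test needs to apply independently of the host-bits test for that length. Separately, the diffstat touches only sbin/route/route.c, so the new "malformed address, bits set after mask" error is not described anywhere a user of the 10/8 shorthand would look; a short manual page note on writing 10.0.0.0/8 would help.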