On Wed, Apr 02, 2025 at 07:23:39PM +0200, Laurent Vivier wrote: Needs a commit message.Signed-off-by: Laurent Vivier <lvivier(a)redhat.com> --- dhcpv6.c | 57 +++++++++++++++++++++++++++----------------------------- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/dhcpv6.c b/dhcpv6.c index ccc64172a480..1e83f2c2ad23 100644 --- a/dhcpv6.c +++ b/dhcpv6.c @@ -278,30 +278,25 @@ static struct resp_not_on_link_t { /** * dhcpv6_opt() - Get option from DHCPv6 message - * @p: Packet pool, single packet with UDP header - * @offset: Offset to look at, 0: end of header, set to option start + * @data: Data to look at * @type: Option type to look up, network order * * Return: pointer to option header, or NULL on malformed or missing option */ -static struct opt_hdr *dhcpv6_opt(const struct pool *p, size_t *offset, - uint16_t type) +static struct opt_hdr *dhcpv6_opt(struct iov_tail *data, uint16_t type) { - struct opt_hdr *o; - size_t left; + struct opt_hdr *o, oc; - ASSERT(*offset >= UDP_MSG_HDR_SIZE); - - while ((o = packet_get_try(p, 0, *offset, sizeof(*o), &left))) { + while ((o = IOV_PEEK_HEADER(data, oc))) { unsigned int opt_len = ntohs(o->l) + sizeof(*o); - if (ntohs(o->l) > left) + if (opt_len > iov_tail_size(data)) return NULL;if (o->t == type) return o;This is no good. If peek_header() ended up copying the header you'll now be returning a pointer to a local variable. Also, you've only verified the contiguity of the option header with IOV_PEEK_HEADER, the body of the option could still be discontiguous, which is not what the callers expect.- *offset += opt_len; + data->off += opt_len;I think you want iov_drop() or REMOVE_HEADER() here rather than reaching into the iov_tail structure.} return NULL; @@ -309,31 +304,31 @@ static struct opt_hdr *dhcpv6_opt(const struct pool *p, size_t *offset, /** * dhcpv6_ia_notonlink() - Check if any IA contains non-appropriate addresses - * @p: Packet pool, single packet starting from UDP header + * @data: Data to look at, packet starting from UDP header * @la: Address we want to lease to the client * * Return: pointer to non-appropriate IA_NA or IA_TA, if any, NULL otherwise */ -static struct opt_hdr *dhcpv6_ia_notonlink(const struct pool *p, +static struct opt_hdr *dhcpv6_ia_notonlink(const struct iov_tail *data, struct in6_addr *la) { int ia_types[2] = { OPT_IA_NA, OPT_IA_TA }, *ia_type; const struct opt_ia_addr *opt_addr; char buf[INET6_ADDRSTRLEN]; struct in6_addr req_addr; + struct iov_tail current; const struct opt_hdr *h; struct opt_hdr *ia; - size_t offset; foreach(ia_type, ia_types) { - offset = UDP_MSG_HDR_SIZE; - while ((ia = dhcpv6_opt(p, &offset, *ia_type))) { + current = *data; + while ((ia = dhcpv6_opt(¤t, *ia_type))) { if (ntohs(ia->l) < OPT_VSIZE(ia_na)) return NULL; - offset += sizeof(struct opt_ia_na); + current.off += sizeof(struct opt_ia_na); - while ((h = dhcpv6_opt(p, &offset, OPT_IAAADR))) { + while ((h = dhcpv6_opt(¤t, OPT_IAAADR))) { if (ntohs(h->l) != OPT_VSIZE(ia_addr)) return NULL; @@ -342,7 +337,7 @@ static struct opt_hdr *dhcpv6_ia_notonlink(const struct pool *p, if (!IN6_ARE_ADDR_EQUAL(la, &req_addr)) goto err; - offset += sizeof(struct opt_ia_addr); + current.off += sizeof(struct opt_ia_addr); } } } @@ -434,13 +429,15 @@ search: /** * dhcpv6_client_fqdn_fill() - Fill in client FQDN option + * @data: Data to look at * @c: Execution context * @buf: Response message buffer where options will be appended * @offset: Offset in message buffer for new options * * Return: updated length of response message buffer. */ -static size_t dhcpv6_client_fqdn_fill(const struct pool *p, const struct ctx *c, +static size_t dhcpv6_client_fqdn_fill(struct iov_tail *data, + const struct ctx *c, char *buf, int offset) { @@ -463,9 +460,8 @@ static size_t dhcpv6_client_fqdn_fill(const struct pool *p, const struct ctx *c, o = (struct opt_client_fqdn *)(buf + offset); encode_domain_name(o->domain_name, c->fqdn); - req_opt = (struct opt_client_fqdn *)dhcpv6_opt(p, - &(size_t){ UDP_MSG_HDR_SIZE }, - OPT_CLIENT_FQDN); + data->off += UDP_MSG_HDR_SIZE; + req_opt = (struct opt_client_fqdn *)dhcpv6_opt(data, OPT_CLIENT_FQDN); if (req_opt && req_opt->flags & 0x01 /* S flag */) o->flags = 0x02 /* O flag */; else @@ -525,19 +521,19 @@ int dhcpv6(struct ctx *c, const struct pool *p, src = &c->ip6.our_tap_ll; - mh = IOV_PEEK_HEADER(&data, mhc); + mh = IOV_REMOVE_HEADER(&data, mhc); if (!mh) return -1; - client_id = dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_CLIENTID); + client_id = dhcpv6_opt(&data, OPT_CLIENTID); if (!client_id || ntohs(client_id->l) > OPT_VSIZE(client_id)) return -1; - server_id = dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_SERVERID); + server_id = dhcpv6_opt(&data, OPT_SERVERID); if (server_id && ntohs(server_id->l) != OPT_VSIZE(server_id)) return -1; - ia = dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_IA_NA); + ia = dhcpv6_opt(&data, OPT_IA_NA); if (ia && ntohs(ia->l) < MIN(OPT_VSIZE(ia_na), OPT_VSIZE(ia_ta))) return -1; @@ -553,7 +549,7 @@ int dhcpv6(struct ctx *c, const struct pool *p, if (mh->type == TYPE_CONFIRM && server_id) return -1; - if ((bad_ia = dhcpv6_ia_notonlink(p, &c->ip6.addr))) { + if ((bad_ia = dhcpv6_ia_notonlink(&data, &c->ip6.addr))) { info("DHCPv6: received CONFIRM with inappropriate IA," " sending NotOnLink status in REPLY"); @@ -587,7 +583,7 @@ int dhcpv6(struct ctx *c, const struct pool *p, memcmp(&resp.server_id, server_id, sizeof(resp.server_id))) return -1; - if (ia || dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_IA_TA)) + if (ia || dhcpv6_opt(&data, OPT_IA_TA)) return -1; info("DHCPv6: received INFORMATION_REQUEST, sending REPLY"); @@ -619,7 +615,8 @@ int dhcpv6(struct ctx *c, const struct pool *p, n = offsetof(struct resp_t, client_id) + sizeof(struct opt_hdr) + ntohs(client_id->l); n = dhcpv6_dns_fill(c, (char *)&resp, n); - n = dhcpv6_client_fqdn_fill(p, c, (char *)&resp, n); + packet_base(p, 0, &data); + n = dhcpv6_client_fqdn_fill(&data, c, (char *)&resp, n); resp.hdr.xid = mh->xid;-- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson