Blame SOURCES/dnsmasq-2.80-unaligned-addresses-in-DHCPv6-packet.patch

From 653481c6ebf46dcadb5a017085325d956dd04a28 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 21 Aug 2018 22:06:36 +0100
Subject: [PATCH] Properly deal with unaligned addresses in DHCPv6 packets.
Thanks to Vladislav Grishenko for spotting this.
(cherry picked from commit 97f876b64c22b2b18412e2e3d8506ee33e42db7c)
Conflicts:
	src/rfc3315.c
---
 src/rfc1035.c |   2 +-
 src/rfc3315.c | 101 ++++++++++++++++++++++++++++++++++------------------------
 2 files changed, 61 insertions(+), 42 deletions(-)
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 6b3bb27..ee5f7a0 100644
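--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1376,7 +1376,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		    if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					    daemon->local_ttl, NULL,
 					    t->class, C_IN, "t", t->len, t->txt))
-		      anscount ++;
+		      anscount++;
 		  }
 	      }
 		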
diff --git a/src/rfc3315.c b/src/rfc3315.c
index 21fcd9b..ee1cf17 100644
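--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -639,9 +639,8 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 	    int plain_range = 1;
 	    u32 lease_time;
 	    struct dhcp_lease *ltmp;
-	    struct in6_addr *req_addr;
-	    struct in6_addr addr;
-
+	    struct in6_addr req_addr, addr;
+	    
 	    if (!check_ia(state, opt, &ia_end, &ia_option))
 	      continue;
 	    
@@ -709,9 +708,10 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 
 	    for (ia_counter = 0; ia_option; ia_counter++, ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24))
 	      {
-		req_addr = opt6_ptr(ia_option, 0);
+		/* worry about alignment here. */
+		memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
 				
-		if ((c = address6_valid(state->context, req_addr, solicit_tags, plain_range)))
+		if ((c = address6_valid(state->context, &req_addr, solicit_tags, plain_range)))
 		  {
 		    lease_time = c->lease_time;
 		    /* If the client asks for an address on the same network as a configured address, 
@@ -719,14 +719,14 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		       addresses automatic. */
 		    if (!(c->flags & CONTEXT_CONF_USED) && config_valid(config, c, &addr) && check_address(state, &addr))
 		      {
-			req_addr = &addr;
+			req_addr = addr;
 			mark_config_used(c, &addr);
 			if (have_config(config, CONFIG_TIME))
 			  lease_time = config->lease_time;
 		      }
-		    else if (!(c = address6_available(state->context, req_addr, solicit_tags, plain_range)))
+		    else if (!(c = address6_available(state->context, &req_addr, solicit_tags, plain_range)))
 		      continue; /* not an address we're allowed */
-		    else if (!check_address(state, req_addr))
+		    else if (!check_address(state, &req_addr))
 		      continue; /* address leased elsewhere */
 		    
 		    /* add address to output packet */
@@ -734,8 +734,8 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		    if (dump_all_prefix_classes && state->ia_type == OPTION6_IA_NA)
 		      state->send_prefix_class = prefix_class_from_context(c);
 #endif		    
-		    add_address(state, c, lease_time, ia_option, &min_time, req_addr, now);
-		    mark_context_used(state, req_addr);
+		    add_address(state, c, lease_time, ia_option, &min_time, &req_addr, now);
+		    mark_context_used(state, &req_addr);
 		    get_context_tag(state, c);
 		    address_assigned = 1;
 		  }
@@ -768,15 +768,15 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 	    ltmp = NULL;
 	    while ((ltmp = lease6_find_by_client(ltmp, state->ia_type == OPTION6_IA_NA ? LEASE_NA : LEASE_TA, state->clid, state->clid_len, state->iaid)))
 	      {
-		req_addr = &ltmp->addr6;
-		if ((c = address6_available(state->context, req_addr, solicit_tags, plain_range)))
+		req_addr = ltmp->addr6;
+		if ((c = address6_available(state->context, &req_addr, solicit_tags, plain_range)))
 		  {
 #ifdef OPTION6_PREFIX_CLASS
 		    if (dump_all_prefix_classes && state->ia_type == OPTION6_IA_NA)
 		      state->send_prefix_class = prefix_class_from_context(c);
 #endif
-		    add_address(state, c, c->lease_time, NULL, &min_time, req_addr, now);
-		    mark_context_used(state, req_addr);
+		    add_address(state, c, c->lease_time, NULL, &min_time, &req_addr, now);
+		    mark_context_used(state, &req_addr);
 		    get_context_tag(state, c);
 		    address_assigned = 1;
 		  }
@@ -892,16 +892,19 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 	      
 	    for (; ia_option; ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24))
 	      {
-		struct in6_addr *req_addr = opt6_ptr(ia_option, 0);
+		struct in6_addr req_addr;
 		struct dhcp_context *dynamic, *c;
 		unsigned int lease_time;
 		struct in6_addr addr;
 		int config_ok = 0;
+
+		/* align. */
+		memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
 		
-		if ((c = address6_valid(state->context, req_addr, tagif, 1)))
-		  config_ok = config_valid(config, c, &addr) && IN6_ARE_ADDR_EQUAL(&addr, req_addr);
+		if ((c = address6_valid(state->context, &req_addr, tagif, 1)))
+		  config_ok = config_valid(config, c, &addr) && IN6_ARE_ADDR_EQUAL(&addr, &req_addr);
 		
-		if ((dynamic = address6_available(state->context, req_addr, tagif, 1)) || c)
+		if ((dynamic = address6_available(state->context, &req_addr, tagif, 1)) || c)
 		  {
 		    if (!dynamic && !config_ok)
 		      {
@@ -911,7 +914,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 			put_opt6_string(_("address unavailable"));
 			end_opt6(o1);
 		      }
-		    else if (!check_address(state, req_addr))
+		    else if (!check_address(state, &req_addr))
 		      {
 			/* Address leased to another DUID/IAID */
 			o1 = new_opt6(OPTION6_STATUS_CODE);
@@ -933,7 +936,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 			if (dump_all_prefix_classes && state->ia_type == OPTION6_IA_NA)
 			  state->send_prefix_class = prefix_class_from_context(c);
 #endif
-			add_address(state, dynamic, lease_time, ia_option, &min_time, req_addr, now);
+			add_address(state, dynamic, lease_time, ia_option, &min_time, &req_addr, now);
 			get_context_tag(state, dynamic);
 			address_assigned = 1;
 		      }
@@ -996,15 +999,17 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 	    for (; ia_option; ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24))
 	      {
 		struct dhcp_lease *lease = NULL;
-		struct in6_addr *req_addr = opt6_ptr(ia_option, 0);
+		struct in6_addr req_addr;
 		unsigned int preferred_time =  opt6_uint(ia_option, 16, 4);
 		unsigned int valid_time =  opt6_uint(ia_option, 20, 4);
 		char *message = NULL;
 		struct dhcp_context *this_context;
+
+		memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ); 
 		
 		if (!(lease = lease6_find(state->clid, state->clid_len,
 					  state->ia_type == OPTION6_IA_NA ? LEASE_NA : LEASE_TA, 
-					  state->iaid, req_addr)))
+					  state->iaid, &req_addr)))
 		  {
 		    /* If the server cannot find a client entry for the IA the server
 		       returns the IA containing no addresses with a Status Code option set
@@ -1012,7 +1017,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		    save_counter(iacntr);
 		    t1cntr = 0;
 		    
-		    log6_packet(state, "DHCPREPLY", req_addr, _("lease not found"));
+		    log6_packet(state, "DHCPREPLY", &req_addr, _("lease not found"));
 		    
 		    o1 = new_opt6(OPTION6_STATUS_CODE);
 		    put_opt6_short(DHCP6NOBINDING);
@@ -1024,15 +1029,15 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		  }
 		
 		
-		if ((this_context = address6_available(state->context, req_addr, tagif, 1)) ||
-		    (this_context = address6_valid(state->context, req_addr, tagif, 1)))
+		if ((this_context = address6_available(state->context, &req_addr, tagif, 1)) ||
+		    (this_context = address6_valid(state->context, &req_addr, tagif, 1)))
 		  {
 		    struct in6_addr addr;
 		    unsigned int lease_time;
 
 		    get_context_tag(state, this_context);
 		    
-		    if (config_valid(config, this_context, &addr) && IN6_ARE_ADDR_EQUAL(&addr, req_addr) && have_config(config, CONFIG_TIME))
+		    if (config_valid(config, this_context, &addr) && IN6_ARE_ADDR_EQUAL(&addr, &req_addr) && have_config(config, CONFIG_TIME))
 		      lease_time = config->lease_time;
 		    else 
 		      lease_time = this_context->lease_time;
@@ -1045,7 +1050,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		      lease_set_hwaddr(lease, state->mac, state->clid, state->mac_len, state->mac_type, state->clid_len, now, 0);
 		    if (state->ia_type == OPTION6_IA_NA && state->hostname)
 		      {
-			char *addr_domain = get_domain6(req_addr);
+			char *addr_domain = get_domain6(&req_addr);
 			if (!state->send_domain)
 			  state->send_domain = addr_domain;
 			lease_set_hostname(lease, state->hostname, state->hostname_auth, addr_domain, state->domain); 
@@ -1063,12 +1068,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		  } 
 
 		if (message && (message != state->hostname))
-		  log6_packet(state, "DHCPREPLY", req_addr, message);	
+		  log6_packet(state, "DHCPREPLY", &req_addr, message);	
 		else
-		  log6_quiet(state, "DHCPREPLY", req_addr, message);
+		  log6_quiet(state, "DHCPREPLY", &req_addr, message);
 	
 		o1 =  new_opt6(OPTION6_IAADDR);
-		put_opt6(req_addr, sizeof(*req_addr));
+		put_opt6(&req_addr, sizeof(req_addr));
 		put_opt6_long(preferred_time);
 		put_opt6_long(valid_time);
 		end_opt6(o1);
@@ -1100,19 +1105,23 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		 ia_option;
 		 ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24))
 	      {
-		struct in6_addr *req_addr = opt6_ptr(ia_option, 0);
+		struct in6_addr req_addr;
+
+		/* alignment */
+		memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
 		
-		if (!address6_valid(state->context, req_addr, tagif, 1))
+		if (!address6_valid(state->context, &req_addr, tagif, 1))
 		  {
 		    o1 = new_opt6(OPTION6_STATUS_CODE);
 		    put_opt6_short(DHCP6NOTONLINK);
 		    put_opt6_string(_("confirm failed"));
 		    end_opt6(o1);
+		    log6_quiet(state, "DHCPREPLY", &req_addr, _("confirm failed"));
 		    return 1;
 		  }
 
 		good_addr = 1;
-		log6_quiet(state, "DHCPREPLY", req_addr, state->hostname);
+		log6_quiet(state, "DHCPREPLY", &req_addr, state->hostname);
 	      }
 	  }	 
 	
@@ -1171,9 +1180,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		 ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24)) 
 	      {
 		struct dhcp_lease *lease;
-		
+		struct in6_addr addr;
+
+		/* align */
+		memcpy(&addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
 		if ((lease = lease6_find(state->clid, state->clid_len, state->ia_type == OPTION6_IA_NA ? LEASE_NA : LEASE_TA,
-					 state->iaid, opt6_ptr(ia_option, 0))))
+					 state->iaid, &addr)))
 		  lease_prune(lease, now);
 		else
 		  {
@@ -1233,12 +1245,15 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		 ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24)) 
 	      {
 		struct dhcp_lease *lease;
-		struct in6_addr *addrp = opt6_ptr(ia_option, 0);
+		struct in6_addr addr;
 
-		if (have_config(config, CONFIG_ADDR6) && IN6_ARE_ADDR_EQUAL(&config->addr6, addrp))
+		/* align */
+		memcpy(&addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
+
+		if (have_config(config, CONFIG_ADDR6) && IN6_ARE_ADDR_EQUAL(&config->addr6, &addr))
 		  {
 		    prettyprint_time(daemon->dhcp_buff3, DECLINE_BACKOFF);
-		    inet_ntop(AF_INET6, addrp, daemon->addrbuff, ADDRSTRLEN);
+		    inet_ntop(AF_INET6, &addr, daemon->addrbuff, ADDRSTRLEN);
 		    my_syslog(MS_DHCP | LOG_WARNING, _("disabling DHCP static address %s for %s"), 
 			      daemon->addrbuff, daemon->dhcp_buff3);
 		    config->flags |= CONFIG_DECLINED;
@@ -1250,7 +1265,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		    context_tmp->addr_epoch++;
 		
 		if ((lease = lease6_find(state->clid, state->clid_len, state->ia_type == OPTION6_IA_NA ? LEASE_NA : LEASE_TA,
-					 state->iaid, opt6_ptr(ia_option, 0))))
+					 state->iaid, &addr)))
 		  lease_prune(lease, now);
 		else
 		  {
@@ -1267,7 +1282,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 		      }
 		    
 		    o1 = new_opt6(OPTION6_IAADDR);
-		    put_opt6(opt6_ptr(ia_option, 0), IN6ADDRSZ);
+		    put_opt6(&addr, IN6ADDRSZ);
 		    put_opt6_long(0);
 		    put_opt6_long(0);
 		    end_opt6(o1);
@@ -1935,7 +1950,11 @@ static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_op
 	}
       else if (type == OPTION6_IAADDR)
 	{
-	  inet_ntop(AF_INET6, opt6_ptr(opt, 0), daemon->addrbuff, ADDRSTRLEN);
+	  struct in6_addr addr;
+
+	  /* align */
+	  memcpy(&addr, opt6_ptr(opt, 0), IN6ADDRSZ);
+	  inet_ntop(AF_INET6, &addr, daemon->addrbuff, ADDRSTRLEN);
 	  sprintf(daemon->namebuff, "%s PL=%u VL=%u", 
 		  daemon->addrbuff, opt6_uint(opt, 16, 4), opt6_uint(opt, 20, 4));
 	  optname = "iaaddr";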
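Review bot: In the last hunk (log6_opts, the `type == OPTION6_IAADDR` branch) the new `memcpy(&addr, opt6_ptr(opt, 0), IN6ADDRSZ)` copies 16 bytes out of the received packet with no length check on `opt` visible in the hunk, and the unchanged `opt6_uint(opt, 16, 4)` / `opt6_uint(opt, 20, 4)` reads after it depend on the same assumption. The dhcp6_no_relay loops advance with `opt6_find(..., OPTION6_IAADDR, 24)`, which presumably enforces the 24-byte minimum, but the first `ia_option` of each loop comes from `check_ia()` outside these hunks, so that path is worth confirming too. If log6_opts does not already validate the option length, guard the branch, for example `else if (type == OPTION6_IAADDR && opt6_len(opt) >= 24)`. The copies also carry four different comments (`worry about alignment here.`, `align.`, `alignment`, `align`) and the renew-path copy has none; one uniform comment such as `/* option data in the packet may be unaligned: copy before use as struct in6_addr */` would state the reason. Both functions start and end outside the hunks shown.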
-- 
1.8.3.1