diff options
| author | tobhe <tobhe@cvs.openbsd.org> | 2021-05-31 16:54:46 +0000 |
|---|---|---|
| committer | tobhe <tobhe@cvs.openbsd.org> | 2021-05-31 16:54:46 +0000 |
| commit | 33021ccdb373f768b2f47d59fbdf0eda0af87e3c (patch) | |
| tree | 1613767b048be46825bb26957b1c6e0a3bbeba06 /sbin/iked | |
| parent | 4da776f3e3ce80ea67cba906d720900baa6ba13e (diff) | |
Prevent address underflow with /32 config address prefix.
Only skip .0 address if the pool is big enough.
ok patrick@
Diffstat (limited to 'sbin/iked')
| -rw-r--r-- | sbin/iked/ikev2.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 896f44d51b4..6c6a374b156 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.320 2021/05/13 15:20:48 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.321 2021/05/31 16:54:45 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -6951,10 +6951,13 @@ ikev2_cp_setaddr_pool(struct iked *env, struct iked_sa *sa, return (-1); } - if (lower == 0) - lower = 1; /* Note that start, upper and host are in HOST byte order */ upper = ntohl(~mask); + /* skip .0 address if possible */ + if (lower < upper && lower == 0) + lower = 1; + if (upper < lower) + upper = lower; /* Randomly select start from [lower, upper-1] */ start = arc4random_uniform(upper - lower) + lower; |