[Openvpn-devel,v4,1/7] pool: prevent IPv6 pools to be larger than 2^16 addresses

Message ID 20200530000600.1680-2-a@unstable.cc
State Accepted
Series
  • Allow IPv6-only tunnels

Commit Message

Antonio Quartulli May 30, 2020, 12:05 a.m.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
---
 src/openvpn/pool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Gert Doering May 30, 2020, 8:25 a.m. | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

This was an oversight by me, when initially implementing this - the
intention was always "cap the IPv6 pool size at 2^16", not "let it
grow until 2^31 and then cap to 2^16 thereafter".  It did no harm, 
as the IPv6 pool was always limited by IPv4 pool size (which is capped
to 2^16) - but with the "there can be an IPv6-only pool now" 
work, this could lead to interesting malloc() explosions.

Your patch has been applied to the master and release/2.4 branch (bugfix).

commit 81d66a1f14d4be3282dd648ecc2049658e3a65ed (master)
commit fc0297143494e0a0f08564d90dbb210669d0abf5 (release/2.4)
Author: Antonio Quartulli
Date:   Sat May 30 02:05:54 2020 +0200

     pool: prevent IPv6 pools to be larger than 2^16 addresses

     Signed-off-by: Antonio Quartulli <a@unstable.cc>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20200530000600.1680-2-a@unstable.cc>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19945.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c
index 5d503a33..6dd72bb9 100644
--- a/src/openvpn/pool.c
+++ b/src/openvpn/pool.c
@@ -183,7 +183,7 @@  ifconfig_pool_init(enum pool_type type, in_addr_t start, in_addr_t end,
     if (pool->ipv6.enabled)
     {
         pool->ipv6.base = ipv6_base;
-        pool->ipv6.size = ipv6_netbits > 96 ? (1 << (128 - ipv6_netbits))
+        pool->ipv6.size = ipv6_netbits > 112 ? (1 << (128 - ipv6_netbits))
                           : IFCONFIG_POOL_MAX;
 
         msg( D_IFCONFIG_POOL, "IFCONFIG POOL IPv6: (IPv4) size=%d, size_ipv6=%d, netbits=%d, base_ipv6=%s",
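Review bot: the new threshold 112 on the changed `pool->ipv6.size` line is a bare literal that is only correct while IFCONFIG_POOL_MAX in the fallback arm equals 2^16 (128 - 112 = 16, the cap named in the subject). Nothing in the hunk ties the two together, so a short comment beside the test, or deriving the threshold from the constant, would keep them from drifting apart. The commit message also has no body; it is worth recording there that the old test `ipv6_netbits > 96` let a /97 prefix evaluate `1 << 31`, which overflows a 32-bit signed int because the literal 1 is an int, and that the result is what the msg() call below prints as size_ipv6 with %d.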