Opened 12 months ago

Last modified 11 months ago

#920 accepted Bug / Defect

Specifying an IPv6 pool with a mask between 96 and 112 results in a pool bigger than IFCONFIG_POOL_MAX

Reported by: znerol
Owned by: Gert Döring
Priority: major
Milestone:
Component: Generic / unclassified
Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

pool.h:

#define IFCONFIG_POOL_MAX         65536

pool.c:

struct ifconfig_pool *
ifconfig_pool_init(int type, in_addr_t start, in_addr_t end,
                   const bool duplicate_cn,
                   const bool ipv6_pool, const struct in6_addr ipv6_base,
                   const int ipv6_netbits )
{

[...]

        pool->size_ipv6 = ipv6_netbits>96 ? ( 1<<(128-ipv6_netbits) )
                          : IFCONFIG_POOL_MAX;

        msg( D_IFCONFIG_POOL, "IFCONFIG POOL IPv6: (IPv4) size=%d, size_ipv6=%d, netbits=%d, base_ipv6=%s",
             pool->size, pool->size_ipv6, ipv6_netbits,
             print_in6_addr( pool->base_ipv6, 0, &gc ));

[...]

}

The intention behind this piece of code is likely to choose a pool size which is never bigger than IFCONFIG_POOL_MAX. Regrettably, 128-96 is 32 while IFCONFIG_POOL_MAX is 2^16, so we should check for ipv6_netbits>112 (128-16) instead.

Attachments (1)

ipv6-pool-max.patch (584 bytes) - added by znerol 12 months ago.


Change History (4)

comment:1 Changed 12 months ago by znerol

Some tests (this is openvpn on debian/stretch 2.4.0-6+deb9u1)

server-ipv6 2001:DB8::/96
Sun Jul 23 00:08:22 2017 us=664226 IFCONFIG POOL IPv6: (IPv4) size=62, size_ipv6=65536, netbits=96, base_ipv6=2001:db8::1000

server-ipv6 2001:DB8::/97
Sun Jul 23 00:09:01 2017 us=636993 IFCONFIG POOL IPv6: (IPv4) size=62, size_ipv6=-2147483648, netbits=97, base_ipv6=2001:db8::1000

server-ipv6 2001:DB8::/98
Sun Jul 23 00:09:26 2017 us=108708 IFCONFIG POOL IPv6: (IPv4) size=62, size_ipv6=1073741824, netbits=98, base_ipv6=2001:db8::1000

server-ipv6 2001:DB8::/99
Sun Jul 23 00:09:50 2017 us=136158 IFCONFIG POOL IPv6: (IPv4) size=62, size_ipv6=536870912, netbits=99, base_ipv6=2001:db8::1000

Changed 12 months ago by znerol

Attachment: ipv6-pool-max.patch added

comment:2 Changed 12 months ago by Gert Döring

Owner: set to Gert Döring
Status: new → accepted

That whole calculation is a bit misleading, as there is no true "ipv6 pool" anyway (the code uses the IPv4 pool, and then takes the offset for the IPv4 address from the start of the pool to calculate the IPv6 address).

I need to review the code, but I think all that check is used for is "ensure we do not overrun the IPv6 pool range" - so the calculation mainly needs to make sure that there is no integer overflow.

So, arguably your patch is right, but maybe things need a bit more thorough review.
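
The following C program is an added example, not part of the ticket or of OpenVPN's source. It models the size calculation quoted in the description, reproduces the size_ipv6 values logged in comment:1, and puts the same calculation with the threshold of 112 suggested in the description beside it. The function names and the -1 return for out-of-range prefix lengths are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IFCONFIG_POOL_MAX 65536   /* value quoted from pool.h in the ticket */

/* Model of the expression in the ticket:
 *   ipv6_netbits>96 ? (1<<(128-ipv6_netbits)) : IFCONFIG_POOL_MAX
 * 1<<31 on a 32-bit signed int is undefined behaviour in C, so the shift is
 * done on uint32_t and the bits are copied into an int32_t to show the value
 * a two's-complement machine logs. Returns -1 for netbits outside 0..128
 * (guard added for this example). */
static int32_t pool_size_as_written(int netbits)
{
    uint32_t bits;
    int32_t size;

    if (netbits < 0 || netbits > 128)
        return -1;
    if (netbits <= 96)
        return IFCONFIG_POOL_MAX;
    bits = UINT32_C(1) << (128 - netbits);   /* shift count is 0..31 */
    memcpy(&size, &bits, sizeof size);
    return size;
}

/* Same calculation with the threshold proposed in the ticket (112 = 128-16):
 * the shift count is at most 15, so the result never exceeds
 * IFCONFIG_POOL_MAX and never reaches the sign bit. */
static int32_t pool_size_clamped(int netbits)
{
    if (netbits < 0 || netbits > 128)
        return -1;
    if (netbits <= 112)
        return IFCONFIG_POOL_MAX;
    return (int32_t)(INT32_C(1) << (128 - netbits));
}

int main(void)
{
    static const int prefixes[] = { 96, 97, 98, 99, 112, 113, 128 };
    size_t i;

    for (i = 0; i < sizeof prefixes / sizeof prefixes[0]; i++)
        printf("/%-3d as written: %11ld   threshold 112: %6ld\n", prefixes[i],
               (long)pool_size_as_written(prefixes[i]),
               (long)pool_size_clamped(prefixes[i]));
    return 0;
}
```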

comment:3 Changed 11 months ago by tincantech

Watching
