Prevent address underflow with /32 config address prefix.

author tobhe <tobhe@openbsd.org>

Mon, 31 May 2021 16:54:45 +0000 (16:54 +0000)

committer tobhe <tobhe@openbsd.org>

Mon, 31 May 2021 16:54:45 +0000 (16:54 +0000)
author tobhe <tobhe@openbsd.org>
Mon, 31 May 2021 16:54:45 +0000 (16:54 +0000)
committer tobhe <tobhe@openbsd.org>
Mon, 31 May 2021 16:54:45 +0000 (16:54 +0000)
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c

index 896f44d..6c6a374 100644 (file)
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ikev2.c,v 1.320 2021/05/13 15:20:48 tobhe Exp $       */
+/*     $OpenBSD: ikev2.c,v 1.321 2021/05/31 16:54:45 tobhe Exp $       */
  
  /*
   * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -6951,10 +6951,13 @@ ikev2_cp_setaddr_pool(struct iked *env, struct iked_sa *sa,
                 return (-1);
         }
  
-       if (lower == 0)
-               lower = 1;
         /* Note that start, upper and host are in HOST byte order */
         upper = ntohl(~mask);
+       /* skip .0 address if possible */
+       if (lower < upper && lower == 0)
+               lower = 1;
+       if (upper < lower)
+               upper = lower;
         /* Randomly select start from [lower, upper-1] */
         start = arc4random_uniform(upper - lower) + lower;
author	tobhe <tobhe@openbsd.org>
	Mon, 31 May 2021 16:54:45 +0000 (16:54 +0000)
committer	tobhe <tobhe@openbsd.org>
	Mon, 31 May 2021 16:54:45 +0000 (16:54 +0000)