IAIDs can start at 0.
authorflorian <florian@openbsd.org>
Tue, 4 Jun 2024 15:48:47 +0000 (15:48 +0000)
committerflorian <florian@openbsd.org>
Tue, 4 Jun 2024 15:48:47 +0000 (15:48 +0000)
I was under the impression that an IAID of 0 is special, but that's
not true. Letting IAID start at zero makes array indexing easier and
avoids an out of bounds access pointed out by dhill.

While here, do not trust IAID received via imsg but do our own
accounting.

sbin/dhcp6leased/engine.c
sbin/dhcp6leased/frontend.c
sbin/dhcp6leased/parse.y

index 0e059c1..1db1543 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: engine.c,v 1.7 2024/06/03 15:53:26 deraadt Exp $      */
+/*     $OpenBSD: engine.c,v 1.8 2024/06/04 15:48:47 florian Exp $      */
 
 /*
  * Copyright (c) 2017, 2021, 2024 Florian Obser <florian@openbsd.org>
@@ -484,7 +484,7 @@ engine_dispatch_main(int fd, short event, void *bula)
                        SIMPLEQ_INIT(&iface_ia_conf->iface_pd_list);
                        SIMPLEQ_INSERT_TAIL(&iface_conf->iface_ia_list,
                            iface_ia_conf, entry);
-                       iface_conf->ia_count++;
+                       iface_ia_conf->id = iface_conf->ia_count++;
                        if (iface_conf->ia_count > MAX_IA)
                                fatalx("Too many prefix delegation requests.");
                        break;
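Review bot: The reason `iface_ia_conf->id` is overwritten here is stated only in the commit message, so a later reader may take the assignment for redundant and remove it. A comment above it such as `/* Do not trust the id received via imsg; number IAs locally, starting at 0. */` would keep the intent next to the code; the same applies to the identical line in frontend_dispatch_main in frontend.c. The local numbering presumably agrees with parse.y only while the IA configurations arrive in the order they were parsed, which is worth stating in that comment if it holds. The enclosing case starts outside the hunk.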
@@ -787,11 +787,11 @@ parse_dhcp(struct dhcp6leased_iface *iface, struct imsg_dhcp *dhcp)
                        log_debug("%s: IA_PD, IAID: %08x, T1: %u, T2: %u",
                            __func__, ntohl(iapd.iaid), ntohl(iapd.t1),
                            ntohl(iapd.t2));
-                       if (ntohl(iapd.iaid) <= iface_conf->ia_count)
+                       if (ntohl(iapd.iaid) < iface_conf->ia_count)
                                parse_ia_pd_options(p +
                                    sizeof(struct dhcp_iapd), opt_hdr.len -
                                    sizeof(struct dhcp_iapd),
-                                   &pds[ntohl(iapd.iaid) -1]);
+                                   &pds[ntohl(iapd.iaid)]);
                        break;
                case DHO_RAPID_COMMIT:
                        if (opt_hdr.len != 0) {
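Review bot: An IA_PD option whose IAID is not below `iface_conf->ia_count` is skipped with no trace beyond the generic debug line, which makes a misbehaving or spoofed server hard to spot in the logs. Consider an `else` branch with `log_warnx("%s: ignoring IA_PD with unknown IAID %u", __func__, ntohl(iapd.iaid));`, and hoisting `ntohl(iapd.iaid)` into a local so the checked value and the array index are visibly the same. The subtraction `opt_hdr.len - sizeof(struct dhcp_iapd)` depends on a length check that is not visible in this hunk; parse_dhcp starts and ends outside it.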
@@ -818,7 +818,7 @@ parse_dhcp(struct dhcp6leased_iface *iface, struct imsg_dhcp *dhcp)
 
 
        SIMPLEQ_FOREACH(ia_conf, &iface_conf->iface_ia_list, entry) {
-               struct prefix   *pd = &pds[ia_conf->id - 1];
+               struct prefix   *pd = &pds[ia_conf->id];
 
                if (pd->prefix_len == 0) {
                        log_warnx("%s: no IA for IAID %d found", __func__,
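Review bot: `&pds[ia_conf->id]` is indexed with no local bound, so its safety rests on the invariant set up in engine_dispatch_main that ids run from 0 to `ia_count - 1` with `ia_count` capped at MAX_IA. The declaration of `pds` is outside the hunk, so its size is assumed here rather than confirmed to be MAX_IA. A one-line comment such as `/* id < ia_count <= MAX_IA, assigned in engine_dispatch_main */` would document that at this site, and likewise at the same expression in configure_interfaces and in build_packet in frontend.c.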
@@ -1280,7 +1280,7 @@ configure_interfaces(struct dhcp6leased_iface *iface)
        }
 
        SIMPLEQ_FOREACH(ia_conf, &iface_conf->iface_ia_list, entry) {
-               struct prefix   *pd = &iface->pds[ia_conf->id - 1];
+               struct prefix   *pd = &iface->pds[ia_conf->id];
 
                SIMPLEQ_FOREACH(pd_conf, &ia_conf->iface_pd_list, entry) {
                        send_configure_interface(pd_conf, pd);
index d683a68..6dc1abe 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: frontend.c,v 1.8 2024/06/03 15:53:26 deraadt Exp $    */
+/*     $OpenBSD: frontend.c,v 1.9 2024/06/04 15:48:47 florian Exp $    */
 
 /*
  * Copyright (c) 2017, 2021, 2024 Florian Obser <florian@openbsd.org>
@@ -362,7 +362,7 @@ frontend_dispatch_main(int fd, short event, void *bula)
                        SIMPLEQ_INIT(&iface_ia_conf->iface_pd_list);
                        SIMPLEQ_INSERT_TAIL(&iface_conf->iface_ia_list,
                            iface_ia_conf, entry);
-                       iface_conf->ia_count++;
+                       iface_ia_conf->id = iface_conf->ia_count++;
                        if (iface_conf->ia_count > MAX_IA)
                                fatalx("Too many prefix delegation requests.");
                        break;
@@ -873,7 +873,7 @@ build_packet(uint8_t message_type, struct iface *iface, char *if_name)
                case DHCPREQUEST:
                case DHCPRENEW:
                case DHCPREBIND:
-                       pd = &iface->pds[ia_conf->id - 1];
+                       pd = &iface->pds[ia_conf->id];
                        iaprefix.prefix_len = pd->prefix_len;
                        memcpy(&iaprefix.prefix, &pd->prefix,
                            sizeof(struct in6_addr));
index 0e8a50c..940ec15 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.6 2024/06/03 15:53:26 deraadt Exp $       */
+/*     $OpenBSD: parse.y,v 1.7 2024/06/04 15:48:47 florian Exp $       */
 
 /*
  * Copyright (c) 2018, 2024 Florian Obser <florian@openbsd.org>
@@ -176,8 +176,8 @@ ia_pd               : REQUEST PREFIX DELEGATION ON STRING FOR {
                        iface_ia_conf = calloc(1, sizeof(*iface_ia_conf));
                        if (iface_ia_conf == NULL)
                                err(1, "%s: calloc", __func__);
-                       iface_ia_conf->id = ++iface_conf->ia_count;
-                       if (iface_ia_conf->id > MAX_IA) {
+                       iface_ia_conf->id = iface_conf->ia_count++;
+                       if (iface_conf->ia_count > MAX_IA) {
                                yyerror("Too many prefix delegation requests");
                                YYERROR;
                        }
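Review bot: The limit is tested only after `calloc()` has succeeded and `ia_count` has been incremented, so the error path leaves the counter at MAX_IA + 1 and, as far as this hunk shows, does not free `iface_ia_conf`. Testing first with `if (iface_conf->ia_count >= MAX_IA) {` ahead of the allocation, and only then doing `iface_ia_conf->id = iface_conf->ia_count++;`, avoids both. This likely matters little if a parse error aborts configuration loading, which is not visible here. The grammar action starts and ends outside the hunk.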