From 4f76c89141550d613ad017f2957a9d365f07ddb1 Mon Sep 17 00:00:00 2001
From: tobhe <tobhe@openbsd.org>
Date: Mon, 31 May 2021 16:54:45 +0000
Subject: [PATCH] Prevent address underflow with /32 config address prefix.
 Only skip .0 address if the pool is big enough.

ok patrick@
---
 sbin/iked/ikev2.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 896f44d51b4..6c6a374b156 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2.c,v 1.320 2021/05/13 15:20:48 tobhe Exp $	*/
+/*	$OpenBSD: ikev2.c,v 1.321 2021/05/31 16:54:45 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -6951,10 +6951,13 @@ ikev2_cp_setaddr_pool(struct iked *env, struct iked_sa *sa,
 		return (-1);
 	}
 
-	if (lower == 0)
-		lower = 1;
 	/* Note that start, upper and host are in HOST byte order */
 	upper = ntohl(~mask);
+	/* skip .0 address if possible */
+	if (lower < upper && lower == 0)
+		lower = 1;
+	if (upper < lower)
+		upper = lower;
 	/* Randomly select start from [lower, upper-1] */
 	start = arc4random_uniform(upper - lower) + lower;
 
-- 
2.20.1