ifconfig: reject netmask and broadcast for inet6

We don't support setting netmask or broadcast address for INET6 addresses, and trying to do crashes ifconfig. Handle this the same way as af_link, by rejecting attempts to configure these parameters. PR: 286910 Reported by: Hayzam Sherif <hayzam@alchemilla.io> MFC after: 3 days Reviewed by: zlei, kevans, des, cy Approved by: kevans (mentor) Differential Revision: https://reviews.freebsd.org/D50413
2026-01-17 07:11:54 +00:00 · 2025-05-21 04:59:59 +01:00 · 2025-05-21 04:59:59 +01:00 · 59ee9260e6
commit 59ee9260e6
parent 059fbe9a71
3 changed files with 94 additions and 2 deletions
--- a/sbin/ifconfig/af_inet6.c
+++ b/sbin/ifconfig/af_inet6.c
@ -428,6 +428,11 @@ in6_getaddr(const char *addr_str, int which)
 {
        struct in6_px *px = sin6tab_nl[which];

+	if (which == MASK)
+		errx(1, "netmask: invalid option for inet6");
+	if (which == BRDADDR)
+		errx(1, "broadcast: invalid option for inet6");
+
        px->set = true;
        px->plen = 128;
        if (which == ADDR) {
--- a/sbin/ifconfig/tests/Makefile
+++ b/sbin/ifconfig/tests/Makefile
@ -1,5 +1,8 @@
-NETBSD_ATF_TESTS_SH=		nonexistent_test
+NETBSD_ATF_TESTS_SH=	nonexistent_test
+ATF_TESTS_SH+=		inet6
+
+TEST_METADATA+=	execenv="jail"
+TEST_METADATA+=	execenv_jail_params="vnet allow.raw_sockets"

 .include <netbsd-tests.test.mk>
-
 .include <bsd.test.mk>
--- a/sbin/ifconfig/tests/inet6.sh
+++ b/sbin/ifconfig/tests/inet6.sh
@ -0,0 +1,84 @@
+#! /bin/sh
+# SPDX-License-Identifier: ISC
+#
+# Copyright (c) 2025 Lexi Winter
+
+. $(atf_get_srcdir)/../../sys/common/vnet.subr
+
+# Bug 286910: adding 'netmask' or 'broadcast' to an IPv6 address crashed
+# ifconfig.
+
+atf_test_case "netmask" "cleanup"
+netmask_head()
+{
+	atf_set descr "Test invalid 'netmask' option"
+	atf_set require.user root
+}
+
+netmask_body()
+{
+	vnet_init
+
+	ep=$(vnet_mkepair)
+	vnet_mkjail ifcjail ${ep}a
+
+	# Add the address the wrong way
+	atf_check -s exit:1 \
+	    -e match:"ifconfig: netmask: invalid option for inet6" \
+	    jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64
+
+	# Add the address the correct way
+	atf_check -s exit:0 \
+	    jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64
+	atf_check -s exit:0 -o match:"2001:db8:1::1 prefixlen 64" \
+	    jexec ifcjail ifconfig ${ep}a
+
+	# Remove the address the wrong way
+	atf_check -s exit:1 \
+	    -e match:"ifconfig: netmask: invalid option for inet6" \
+	    jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1 netmask 64 -alias
+}
+
+netmask_cleanup()
+{
+	vnet_cleanup
+}
+
+atf_test_case "broadcast" "cleanup"
+broadcast_head()
+{
+	atf_set descr "Test invalid 'broadcast' option"
+	atf_set require.user root
+}
+
+broadcast_body()
+{
+	vnet_init
+
+	ep=$(vnet_mkepair)
+	vnet_mkjail ifcjail ${ep}a
+
+	atf_check -s exit:1 \
+	    -e match:"ifconfig: broadcast: invalid option for inet6" \
+	    jexec ifcjail ifconfig ${ep}a \
+	        inet6 2001:db8:1::1 broadcast 2001:db8:1::ffff
+
+	atf_check -s exit:0 \
+	    jexec ifcjail ifconfig ${ep}a inet6 2001:db8:1::1/64
+
+	atf_check -s exit:1 \
+	    -e match:"ifconfig: broadcast: invalid option for inet6" \
+	    jexec ifcjail ifconfig ${ep}a \
+	        inet6 2001:db8:1::1 broadcast 2001:db:1::ffff -alias
+}
+
+broadcast_cleanup()
+{
+	vnet_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case netmask
+	atf_add_test_case broadcast
+}