author | Anatole Denis <natolumin@unverle.fr> | 2019-10-15 11:16:29 +0200 |
---|---|---|
committer | Anatole Denis <natolumin@unverle.fr> | 2019-10-15 11:19:43 +0200 |
commit | 4a980462f24f67f989ac2860fcf9879aef3e3fa0 (patch) | |
tree | 21214730f7dec53c3c226554535a4bc7b8db2888 /dhcpv4/server4 | |
parent | 62a3f6317a49b19232e67faa31d90f94b522eb82 (diff) |
server4: Only allow IPv4 addresses
IPv6 addresses would not cause a crash, but would silently listen on the
wildcard address instead of the passed address, which is surprising at
best. Instead, check for the address family and reject non-v4 addresses.
Signed-off-by: Anatole Denis <natolumin@unverle.fr>
Diffstat (limited to 'dhcpv4/server4')
-rw-r--r-- | dhcpv4/server4/conn.go | 3 | ||||
-rw-r--r-- | dhcpv4/server4/server_test.go | 11 |
2 files changed, 14 insertions, 0 deletions
diff --git a/dhcpv4/server4/conn.go b/dhcpv4/server4/conn.go
index d62a5ac..3e49669 100644
--- a/dhcpv4/server4/conn.go
+++ b/dhcpv4/server4/conn.go
@@ -43,6 +43,9 @@ func NewIPv4UDPConn(iface string, addr *net.UDPAddr) (*net.UDPConn, error) {
 }
 // Bind to the port.
 saddr := unix.SockaddrInet4{Port: addr.Port}
+ if addr.IP != nil && addr.IP.To4() == nil {
+ return nil, fmt.Errorf("wrong address family (expected v4) for %s", addr.IP)
+ }
 copy(saddr.Addr[:], addr.IP.To4())
 if err := unix.Bind(fd, &saddr); err != nil {
 return nil, fmt.Errorf("cannot bind to port %d: %v", addr.Port, err)
diff --git a/dhcpv4/server4/server_test.go b/dhcpv4/server4/server_test.go
index da2b199..43314ad 100644
--- a/dhcpv4/server4/server_test.go
+++ b/dhcpv4/server4/server_test.go
@@ -116,3 +116,14 @@ func TestServer(t *testing.T) {
 require.Equal(t, ifaces[0].HardwareAddr, p.ClientHWAddr)
 }
 }
+
+func TestBadAddrFamily(t *testing.T) {
+ saddr := &net.UDPAddr{
+ IP: net.IPv6loopback,
+ Port: 0,
+ }
+ _, err := NewServer("", saddr, DORAHandler)
+ if err == nil {
+ t.Fatal("Expected server4.NewServer to fail with an IPv6 address")
+ }
+}
|
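Review bot: The new guard in NewIPv4UDPConn tests `addr.IP != nil`, so a zero-length but non-nil IP such as `net.IP{}` is now rejected as a wrong address family, while a nil IP is still bound as the wildcard. Testing the length treats both "unset" forms the same way: `if len(addr.IP) != 0 && addr.IP.To4() == nil {`. Since silently binding to the wildcard is the exposure this commit closes, the doc comment on NewIPv4UDPConn should also say that a non-IPv4 `addr.IP` returns an error and that an unset IP means all local addresses. The function starts and ends outside the hunk, so it cannot be confirmed from here that the already-created `fd` is released on this new early return.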
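Review bot: TestBadAddrFamily accepts any non-nil error, so it also passes when NewServer fails for an unrelated reason (for example, if the test environment refuses socket creation), leaving the address-family check unexercised. Pin the cause with `require.Error(t, err)` followed by `require.Contains(t, err.Error(), "wrong address family")`; this assumes NewServer returns or wraps the message unchanged, which is not visible in this hunk. A second case with a nil `IP` that is expected to succeed would guard against the check becoming too strict.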