diff options
author | Hans Dedecker <dedeckeh@gmail.com> | 2018-05-19 22:37:27 +0200 |
---|---|---|
committer | Hans Dedecker <dedeckeh@gmail.com> | 2018-05-24 21:53:55 +0200 |
commit | d7aa414e47da1ab41df8b07307087c0e91b4ffa9 (patch) | |
tree | dd15cc4ad1ea8f3bcb6822fa1af28b923ad62931 /src | |
parent | 373495ad610cfffaeac833283d1431e6328a109a (diff) |
dhcpv6: improve error checking in dhcpv6_setup_interface()
Improve error checking fixing resource leakage detected by Coverity in
CID 1430880
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/dhcpv6.c | 119 | ||||
-rw-r--r-- | src/dhcpv6.h | 6 |
2 files changed, 95 insertions, 30 deletions
diff --git a/src/dhcpv6.c b/src/dhcpv6.c index e092c10..de3830d 100644 --- a/src/dhcpv6.c +++ b/src/dhcpv6.c @@ -43,6 +43,8 @@ int dhcpv6_init(void) int dhcpv6_setup_interface(struct interface *iface, bool enable) { + int ret = 0; + if (iface->dhcpv6_event.uloop.fd > 0) { uloop_fd_delete(&iface->dhcpv6_event.uloop); close(iface->dhcpv6_event.uloop.fd); @@ -51,47 +53,107 @@ int dhcpv6_setup_interface(struct interface *iface, bool enable) // Configure multicast settings if (enable && iface->dhcpv6) { - int sock = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP); - if (sock < 0) { - syslog(LOG_ERR, "Failed to create DHCPv6 server socket: %m"); - return -1; + struct sockaddr_in6 bind_addr = {AF_INET6, htons(DHCPV6_SERVER_PORT), + 0, IN6ADDR_ANY_INIT, 0}; + struct ipv6_mreq mreq; + int val = 1; + + iface->dhcpv6_event.uloop.fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP); + if (iface->dhcpv6_event.uloop.fd < 0) { + syslog(LOG_ERR, "socket(AF_INET6): %m"); + ret = -1; + goto out; } // Basic IPv6 configuration - setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, iface->ifname, strlen(iface->ifname)); + if (setsockopt(iface->dhcpv6_event.uloop.fd, SOL_SOCKET, SO_BINDTODEVICE, + iface->ifname, strlen(iface->ifname)) < 0) { + syslog(LOG_ERR, "setsockopt(SO_BINDTODEVICE): %m"); + ret = -1; + goto out; + } - int val = 1; - setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val)); - setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)); - setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &val, sizeof(val)); + if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_V6ONLY, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_V6ONLY): %m"); + ret = -1; + goto out; + } + + if (setsockopt(iface->dhcpv6_event.uloop.fd, SOL_SOCKET, SO_REUSEADDR, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(SO_REUSEADDR): %m"); + ret = -1; + goto out; + } + + if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_RECVPKTINFO): %m"); + ret = -1; + goto out; + } val = DHCPV6_HOP_COUNT_LIMIT; - setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val, sizeof(val)); + if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_HOPS): %m"); + ret = -1; + goto out; + } val = 0; - setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &val, sizeof(val)); + if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, + &val, sizeof(val)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_LOOP): %m"); + ret = -1; + goto out; + } - struct sockaddr_in6 bind_addr = {AF_INET6, htons(DHCPV6_SERVER_PORT), - 0, IN6ADDR_ANY_INIT, 0}; + if (bind(iface->dhcpv6_event.uloop.fd, (struct sockaddr*)&bind_addr, + sizeof(bind_addr)) < 0) { + syslog(LOG_ERR, "bind(): %m"); + ret = -1; + goto out; + } + + memset(&mreq, 0, sizeof(mreq)); + inet_pton(AF_INET6, ALL_DHCPV6_RELAYS, &mreq.ipv6mr_multiaddr); + mreq.ipv6mr_interface = iface->ifindex; - if (bind(sock, (struct sockaddr*)&bind_addr, sizeof(bind_addr))) { - syslog(LOG_ERR, "Failed to open DHCPv6 server socket: %m"); - return -1; + if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, + &mreq, sizeof(mreq)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_ADD_MEMBERSHIP): %m"); + ret = -1; + goto out; } - struct ipv6_mreq relay = {ALL_DHCPV6_RELAYS, iface->ifindex}; - struct ipv6_mreq server = {ALL_DHCPV6_SERVERS, iface->ifindex}; - setsockopt(sock, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &relay, sizeof(relay)); + if (iface->dhcpv6 == MODE_SERVER) { + memset(&mreq, 0, sizeof(mreq)); + inet_pton(AF_INET6, ALL_DHCPV6_SERVERS, &mreq.ipv6mr_multiaddr); + mreq.ipv6mr_interface = iface->ifindex; - if (iface->dhcpv6 == MODE_SERVER) - setsockopt(sock, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &server, sizeof(server)); + if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, + &mreq, sizeof(mreq)) < 0) { + syslog(LOG_ERR, "setsockopt(IPV6_ADD_MEMBERSHIP): %m"); + ret = -1; + goto out; + } + } - iface->dhcpv6_event.uloop.fd = sock; iface->dhcpv6_event.handle_dgram = handle_dhcpv6; odhcpd_register(&iface->dhcpv6_event); } - return dhcpv6_setup_ia_interface(iface, enable); + ret = dhcpv6_setup_ia_interface(iface, enable); + +out: + if (ret < 0 && iface->dhcpv6_event.uloop.fd > 0) { + close(iface->dhcpv6_event.uloop.fd); + iface->dhcpv6_event.uloop.fd = -1; + } + + return ret; } enum { @@ -503,6 +565,8 @@ static void relay_client_request(struct sockaddr_in6 *source, { struct interface *master = odhcpd_get_master_interface(); const struct dhcpv6_relay_header *h = data; + struct sockaddr_in6 s; + if (!master || master->dhcpv6 != MODE_RELAY || h->msg_type == DHCPV6_MSG_RELAY_REPL || h->msg_type == DHCPV6_MSG_RECONFIGURE || @@ -549,8 +613,11 @@ static void relay_client_request(struct sockaddr_in6 *source, memcpy(&hdr.link_address, &ip->addr.in6, sizeof(hdr.link_address)); - struct sockaddr_in6 dhcpv6_servers = {AF_INET6, - htons(DHCPV6_SERVER_PORT), 0, ALL_DHCPV6_SERVERS, 0}; + memset(&s, 0, sizeof(s)); + s.sin6_family = AF_INET6; + s.sin6_port = htons(DHCPV6_SERVER_PORT); + inet_pton(AF_INET6, ALL_DHCPV6_SERVERS, &s.sin6_addr); + struct iovec iov[2] = {{&hdr, sizeof(hdr)}, {(void*)data, len}}; - odhcpd_send(master->dhcpv6_event.uloop.fd, &dhcpv6_servers, iov, 2, master); + odhcpd_send(master->dhcpv6_event.uloop.fd, &s, iov, 2, master); } diff --git a/src/dhcpv6.h b/src/dhcpv6.h index 08dac6c..7e2f936 100644 --- a/src/dhcpv6.h +++ b/src/dhcpv6.h @@ -16,11 +16,9 @@ #include <libubox/ustream.h> #include "odhcpd.h" -#define ALL_DHCPV6_RELAYS {{{0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02}}} +#define ALL_DHCPV6_RELAYS "ff02::1:2" -#define ALL_DHCPV6_SERVERS {{{0xff, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x03}}} +#define ALL_DHCPV6_SERVERS "ff05::1:3" #define DHCPV6_CLIENT_PORT 546 #define DHCPV6_SERVER_PORT 547 |