On Wed, 4 Jun 2025 15:08:20 +0200
Laurent Vivier
dhcpv6_opt() and its callers are refactored for iov_tail option parsing, replacing direct offset management for improved robustness.
Its signature is now `bool dhcpv6_opt(iov_tail *data, type)`. `*data` (in/out) points to a found option on `true` return or is restored on `false`. The main dhcpv6() function uses IOV_REMOVE_HEADER for the msg_hdr, then passes the iov_tail (now at options start) to the new dhcpv6_opt().
Signed-off-by: Laurent Vivier
---
 dhcpv6.c | 178 +++++++++++++++++++++++++++++++------------------------
 iov.c | 1 -
 2 files changed, 102 insertions(+), 77 deletions(-)
diff --git a/dhcpv6.c b/dhcpv6.c
index ae06e646f92f..bd6268804d95 100644
--- a/dhcpv6.c
+++ b/dhcpv6.c
@@ -280,112 +280,122 @@ static struct resp_not_on_link_t {
 /**
 * dhcpv6_opt() - Get option from DHCPv6 message
- * @p: Packet pool, single packet with UDP header
- * @offset: Offset to look at, 0: end of header, set to option start
+ * @data: Buffer with options, set to matching option on return
 * @type: Option type to look up, network order
 *
- * Return: pointer to option header, or NULL on malformed or missing option
+ * Return: true if found and @data points to the option header,
+ * or false on malformed or missing option and @data is
+ * unmodified.
 */
-static struct opt_hdr *dhcpv6_opt(const struct pool *p, size_t *offset,
- uint16_t type)
+static bool dhcpv6_opt(struct iov_tail *data, uint16_t type)
 {
- struct opt_hdr *o;
- size_t left;
+ struct iov_tail head = *data;
+ struct opt_hdr o_storage;
+ const struct opt_hdr *o;
- ASSERT(*offset >= UDP_MSG_HDR_SIZE);
-
- while ((o = packet_get_try(p, 0, *offset, sizeof(*o), &left))) {
+ while ((o = IOV_PEEK_HEADER(data, o_storage))) {
 unsigned int opt_len = ntohs(o->l) + sizeof(*o);
- if (ntohs(o->l) > left)
- return NULL;
+ if (opt_len > iov_tail_size(data))
+ break;
 if (o->t == type)
- return o;
+ return true;
- *offset += opt_len;
+ iov_tail_drop(data, opt_len);
 }
- return NULL;
+ *data = head;
+ return false;
 }
 /**
 * dhcpv6_ia_notonlink() - Check if any IA contains non-appropriate addresses
- * @p: Packet pool, single packet starting from UDP header
+ * @data: Data to look at, packet starting from UDP header (input/output)
 * @la: Address we want to lease to the client
 *
- * Return: pointer to non-appropriate IA_NA or IA_TA, if any, NULL otherwise
+ * Return: true and @data points to non-appropriate IA_NA or IA_TA, if any,
+ * false otherwise and @data is unmodified
 */
-static struct opt_hdr *dhcpv6_ia_notonlink(const struct pool *p,
- struct in6_addr *la)
+static bool dhcpv6_ia_notonlink(struct iov_tail *data,
+ struct in6_addr *la)
 {
 int ia_types[2] = { OPT_IA_NA, OPT_IA_TA }, *ia_type;
+ struct opt_ia_addr opt_addr_storage;
 const struct opt_ia_addr *opt_addr;
+ struct iov_tail current, ia_base;
+ struct opt_ia_na ia_storage;
 char buf[INET6_ADDRSTRLEN];
+ const struct opt_ia_na *ia;
 struct in6_addr req_addr;
+ struct opt_hdr h_storage;
 const struct opt_hdr *h;
- struct opt_hdr *ia;
- size_t offset;
 foreach(ia_type, ia_types) {
- offset = UDP_MSG_HDR_SIZE;
- while ((ia = dhcpv6_opt(p, &offset, *ia_type))) {
- if (ntohs(ia->l) < OPT_VSIZE(ia_na))
- return NULL;
-
- offset += sizeof(struct opt_ia_na);
-
- while ((h = dhcpv6_opt(p, &offset, OPT_IAAADR))) {
- if (ntohs(h->l) != OPT_VSIZE(ia_addr))
- return NULL;
-
- opt_addr = (const struct opt_ia_addr *)h;
+ current = *data;
+ while (dhcpv6_opt(¤t, *ia_type)) {
+ ia_base = current;
+ ia = IOV_REMOVE_HEADER(¤t, ia_storage);
+ if (!ia || ntohs(ia->hdr.l) < OPT_VSIZE(ia_na))
+ goto notfound;
+
+ while (dhcpv6_opt(¤t, OPT_IAAADR)) {
+ h = IOV_PEEK_HEADER(¤t, h_storage);
+ if (!h || ntohs(h->l) != OPT_VSIZE(ia_addr))
+ goto notfound;
+
+ opt_addr = IOV_REMOVE_HEADER(¤t,
+ opt_addr_storage);
This still comes with the Coverity warning I reported for v5, but now it's a single occurrence: /home/sbrivio/passt/dhcpv6.c:349:5: Type: Dereference null return value (NULL_RETURNS) /home/sbrivio/passt/dhcpv6.c:334:2: Call to null-returning function 1. path: Condition "ia_type - ia_types < 2L /* (int)(sizeof (ia_types) / sizeof (ia_types[0])) */", taking true branch. /home/sbrivio/passt/dhcpv6.c:336:3: 2. path: Condition "dhcpv6_opt(¤t, *ia_type)", taking true branch. /home/sbrivio/passt/dhcpv6.c:339:4: 3. path: Condition "!ia", taking false branch. /home/sbrivio/passt/dhcpv6.c:339:4: 4. path: Condition "__bswap_16(ia->hdr.l) < 12UL /* sizeof (struct opt_ia_na) - sizeof (struct opt_hdr) */", taking false branch. /home/sbrivio/passt/dhcpv6.c:342:4: 5. path: Condition "dhcpv6_opt(¤t, 1280 /* (__uint16_t)(((5 >> 8) & 0xff) | ((5 & 0xff) << 8)) */)", taking true branch. /home/sbrivio/passt/dhcpv6.c:344:5: 6. path: Condition "!h", taking false branch. /home/sbrivio/passt/dhcpv6.c:344:5: 7. path: Condition "__bswap_16(h->l) != 24UL /* sizeof (struct opt_ia_addr) - sizeof (struct opt_hdr) */", taking false branch. /home/sbrivio/passt/dhcpv6.c:347:5: 8. returned_null: "iov_remove_header_" returns "NULL" (checked 9 out of 11 times). /home/sbrivio/passt/iov.c:292:2: Call to null-returning function 8.1. path: Condition "!p", taking true branch. /home/sbrivio/passt/iov.c:293:3: 8.2. return_null: Explicitly returning null. /home/sbrivio/passt/dhcpv6.c:347:5: 9. var_assigned: Assigning: "opt_addr" = "NULL" return value from "iov_remove_header_". /home/sbrivio/passt/dhcpv6.c:349:5: 10. dereference: Dereferencing "opt_addr", which is known to be "NULL". /home/sbrivio/passt/arp.c:84:2: Examples where return value was checked for null 11. example_assign: Example 1: Assigning: "eh" = return value from "iov_remove_header_(data, &eh_storage, 14UL, 1UL)". /home/sbrivio/passt/arp.c:87:2: 12. example_checked: Example 1 (cont.): "eh" has its value checked in "eh". 
/home/sbrivio/passt/arp.c:86:2: Examples where return value was checked for null 13. example_assign: Example 2: Assigning: "am" = return value from "iov_remove_header_(data, &am_storage, 20UL, 1UL)". /home/sbrivio/passt/arp.c:87:2: 14. example_checked: Example 2 (cont.): "am" has its value checked in "am". /home/sbrivio/passt/dhcp.c:319:2: Examples where return value was checked for null 15. example_assign: Example 3: Assigning: "eh" = return value from "iov_remove_header_(data, &eh_storage, 14UL, 1UL)". /home/sbrivio/passt/dhcp.c:321:2: 16. example_checked: Example 3 (cont.): "eh" has its value checked in "eh". /home/sbrivio/passt/dhcp.c:338:2: Examples where return value was checked for null 17. example_assign: Example 4: Assigning: "m" = return value from "iov_remove_header_(data, &mc, 240UL, 1UL)". /home/sbrivio/passt/dhcp.c:340:2: 18. example_checked: Example 4 (cont.): "m" has its value checked in "m". /home/sbrivio/passt/dhcp.c:371:3: Examples where return value was checked for null 19. example_assign: Example 5: Assigning: "type" = return value from "iov_remove_header_(data, &type_storage, 1UL, 1UL)". /home/sbrivio/passt/dhcp.c:373:3: 20. example_checked: Example 5 (cont.): "type" has its value checked in "type".
 req_addr = opt_addr->addr;
 if (!IN6_ARE_ADDR_EQUAL(la, &req_addr))
- goto err;
-
- offset += sizeof(struct opt_ia_addr);
+ goto notonlink;
 }
 }
 }
- return NULL;
+notfound:
+ return false;
-err: +notonlink: info("DHCPv6: requested address %s not on link", inet_ntop(AF_INET6, &req_addr, buf, sizeof(buf))); - return ia; + *data = ia_base; + return true; }
 /**
 * dhcpv6_send_ia_notonlink() - Send NotOnLink status
- * @c: Execution context
- * @ia: Pointer to non-appropriate IA_NA or IA_TA
- * @client_id: Client ID message option
- * xid: Transaction ID for message exchange
+ * @c: Execution context
+ * @ia_base: Non-appropriate IA_NA or IA_TA base
+ * @client_id_base: Client ID message option base
+ * @len: Client ID length
+ * @xid: Transaction ID for message exchange
 */
-static void dhcpv6_send_ia_notonlink(struct ctx *c, struct opt_hdr *ia,
- const struct opt_hdr *client_id,
- uint32_t xid)
+static void dhcpv6_send_ia_notonlink(struct ctx *c,
+ const struct iov_tail *ia_base,
+ const struct iov_tail *client_id_base,
+ int len, uint32_t xid)
 {
 const struct in6_addr *src = &c->ip6.our_tap_ll;
+ struct opt_hdr *ia = (struct opt_hdr *)resp_not_on_link.var;
 size_t n;
info("DHCPv6: received CONFIRM with inappropriate IA," " sending NotOnLink status in REPLY");
- ia->l = htons(OPT_VSIZE(ia_na) + sizeof(sc_not_on_link)); - n = sizeof(struct opt_ia_na); - memcpy(resp_not_on_link.var, ia, n); + iov_to_buf(&ia_base->iov[0], ia_base->cnt, ia_base->off, + resp_not_on_link.var, n); + ia->l = htons(OPT_VSIZE(ia_na) + sizeof(sc_not_on_link)); memcpy(resp_not_on_link.var + n, &sc_not_on_link, sizeof(sc_not_on_link));
 n += sizeof(sc_not_on_link);
- memcpy(resp_not_on_link.var + n, client_id,
- sizeof(struct opt_hdr) + ntohs(client_id->l));
+ iov_to_buf(&client_id_base->iov[0], client_id_base->cnt,
+ client_id_base->off, resp_not_on_link.var + n,
+ sizeof(struct opt_hdr) + len);
- n += sizeof(struct opt_hdr) + ntohs(client_id->l);
+ n += sizeof(struct opt_hdr) + len;
n = offsetof(struct resp_not_on_link_t, var) + n;
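Review bot: `n` is used uninitialised in dhcpv6_send_ia_notonlink(): the removed `n = sizeof(struct opt_ia_na);` has no replacement on the new side, yet the added `iov_to_buf(..., resp_not_on_link.var, n)` takes it as the byte count and the `memcpy(resp_not_on_link.var + n, ...)` that follows takes it as a write offset. With `size_t n;` declared without an initialiser, both the copy length and the offset into the static response buffer are indeterminate while packet data is being copied in. Restoring `n = sizeof(struct opt_ia_na);` immediately before the `iov_to_buf()` call fixes this; comparing iov_to_buf()'s return value with `n` would additionally catch a short copy. The function body continues past the end of this hunk.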
@@ -474,17 +484,19 @@ search:
 /**
 * dhcpv6_client_fqdn_fill() - Fill in client FQDN option
+ * @data: Data to look at
 * @c: Execution context
 * @buf: Response message buffer where options will be appended
 * @offset: Offset in message buffer for new options
 *
 * Return: updated length of response message buffer.
 */
-static size_t dhcpv6_client_fqdn_fill(const struct pool *p, const struct ctx *c,
+static size_t dhcpv6_client_fqdn_fill(const struct iov_tail *data,
+ const struct ctx *c,
 char *buf, int offset)
 {
- struct opt_client_fqdn const *req_opt;
+ struct iov_tail current = *data;
 struct opt_client_fqdn *o;
 size_t opt_len;
@@ -502,14 +514,16 @@ static size_t dhcpv6_client_fqdn_fill(const struct pool *p, const struct ctx *c,
 }
 o = (struct opt_client_fqdn *)(buf + offset);
+ o->flags = 0x00;
 encode_domain_name(o->domain_name, c->fqdn);
- req_opt = (struct opt_client_fqdn *)dhcpv6_opt(p,
- &(size_t){ UDP_MSG_HDR_SIZE },
- OPT_CLIENT_FQDN);
- if (req_opt && req_opt->flags & 0x01 /* S flag */)
- o->flags = 0x02 /* O flag */;
- else
- o->flags = 0x00;
+ if (dhcpv6_opt(¤t, OPT_CLIENT_FQDN)) {
+ struct opt_client_fqdn req_opt_storage;
+ struct opt_client_fqdn const *req_opt;
+
+ req_opt = IOV_PEEK_HEADER(¤t, req_opt_storage);
+ if (req_opt && req_opt->flags & 0x01 /* S flag */)
+ o->flags = 0x02 /* O flag */;
+ }
opt_len++;
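Review bot: `req_opt->flags` is read without checking that the client's FQDN option is long enough to contain a flags byte. dhcpv6_opt() only guarantees that the option header plus its declared length fit in the remaining data, so for an option whose length field is 0 the byte tested for the S flag belongs to whatever follows it in the message. Checking that the option's length field is at least 1 before testing `0x01` would close that. Separately, the IOV_PEEK_HEADER() call into `req_opt_storage` asks for a whole `struct opt_client_fqdn`; if that struct carries a fixed-size `domain_name` array (its definition is outside this hunk), the peek can return NULL for a valid but shorter option near the end of the message, and the S flag is then silently ignored. Peeking only the option header and the flags byte would avoid both problems.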
@@ -531,14 +545,18 @@ static size_t dhcpv6_client_fqdn_fill(const struct pool *p, const struct ctx *c,
 int dhcpv6(struct ctx *c, const struct pool *p,
 const struct in6_addr *saddr, const struct in6_addr *daddr)
 {
- const struct opt_hdr *client_id, *server_id, *ia;
+ const struct opt_server_id *server_id = NULL;
+ struct iov_tail data, opt, client_id_base;
+ const struct opt_hdr *client_id = NULL;
+ struct opt_server_id server_id_storage;
+ const struct opt_ia_na *ia = NULL;
+ struct opt_hdr client_id_storage;
+ struct opt_ia_na ia_storage;
 const struct in6_addr *src;
 struct msg_hdr mh_storage;
 const struct msg_hdr *mh;
 struct udphdr uh_storage;
 const struct udphdr *uh;
- struct opt_hdr *bad_ia;
- struct iov_tail data;
 size_t mlen, n;
 if (!packet_data(p, 0, &data))
@@ -565,20 +583,26 @@ int dhcpv6(struct ctx *c, const struct pool *p,
 src = &c->ip6.our_tap_ll;
- mh = IOV_PEEK_HEADER(&data, mh_storage);
+ mh = IOV_REMOVE_HEADER(&data, mh_storage);
 if (!mh)
 return -1;
- client_id = dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_CLIENTID);
+ client_id_base = data;
+ if (dhcpv6_opt(&client_id_base, OPT_CLIENTID))
+ client_id = IOV_PEEK_HEADER(&client_id_base, client_id_storage);
 if (!client_id || ntohs(client_id->l) > OPT_VSIZE(client_id))
 return -1;
- server_id = dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_SERVERID);
- if (server_id && ntohs(server_id->l) != OPT_VSIZE(server_id))
+ opt = data;
+ if (dhcpv6_opt(&opt, OPT_SERVERID))
+ server_id = IOV_PEEK_HEADER(&opt, server_id_storage);
+ if (server_id && ntohs(server_id->hdr.l) != OPT_VSIZE(server_id))
 return -1;
- ia = dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_IA_NA);
- if (ia && ntohs(ia->l) < MIN(OPT_VSIZE(ia_na), OPT_VSIZE(ia_ta)))
+ opt = data;
+ if (dhcpv6_opt(&opt, OPT_IA_NA))
+ ia = IOV_PEEK_HEADER(&opt, ia_storage);
+ if (ia && ntohs(ia->hdr.l) < MIN(OPT_VSIZE(ia_na), OPT_VSIZE(ia_ta)))
 return -1;
 resp.hdr.type = TYPE_REPLY;
@@ -593,9 +617,10 @@ int dhcpv6(struct ctx *c, const struct pool *p,
 if (mh->type == TYPE_CONFIRM && server_id)
 return -1;
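Review bot: For Server ID and IA_NA, an option that is present but too short for the full-struct peek is now treated the same as an absent one. When dhcpv6_opt() returns true but `IOV_PEEK_HEADER(&opt, server_id_storage)` (or the one into `ia_storage`) returns NULL, `server_id`/`ia` stay NULL and the length comparison that follows is skipped instead of returning -1; the removed code looked only at the option header and rejected such a message on that comparison. As far as the later hunks show, a truncated Server ID at the end of a message would then also pass the `mh->type == TYPE_CONFIRM && server_id` and `memcmp()` checks further down as if no Server ID had been sent. Moving each validation inside its `if (dhcpv6_opt(...))` branch and failing on a NULL peek, e.g. `if (!server_id || ntohs(server_id->hdr.l) != OPT_VSIZE(server_id)) return -1;`, keeps malformed options rejected.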
- if ((bad_ia = dhcpv6_ia_notonlink(p, &c->ip6.addr))) {
+ if (dhcpv6_ia_notonlink(&data, &c->ip6.addr)) {
- dhcpv6_send_ia_notonlink(c, bad_ia, client_id, mh->xid);
+ dhcpv6_send_ia_notonlink(c, &data, &client_id_base,
+ ntohs(client_id->l), mh->xid);
 return 1;
 }
@@ -607,7 +632,7 @@ int dhcpv6(struct ctx *c, const struct pool *p,
 memcmp(&resp.server_id, server_id, sizeof(resp.server_id)))
 return -1;
- if (ia || dhcpv6_opt(p, &(size_t){ UDP_MSG_HDR_SIZE }, OPT_IA_TA))
+ if (ia || dhcpv6_opt(&data, OPT_IA_TA))
 return -1;
 info("DHCPv6: received INFORMATION_REQUEST, sending REPLY");
@@ -633,13 +658,14 @@ int dhcpv6(struct ctx *c, const struct pool *p,
 if (ia)
 resp.ia_na.iaid = ((struct opt_ia_na *)ia)->iaid;
- memcpy(&resp.client_id, client_id,
- ntohs(client_id->l) + sizeof(struct opt_hdr));
+ iov_to_buf(&client_id_base.iov[0], client_id_base.cnt,
+ client_id_base.off, &resp.client_id,
+ ntohs(client_id->l) + sizeof(struct opt_hdr));
n = offsetof(struct resp_t, client_id) + sizeof(struct opt_hdr) + ntohs(client_id->l); n = dhcpv6_dns_fill(c, (char *)&resp, n); - n = dhcpv6_client_fqdn_fill(p, c, (char *)&resp, n); + n = dhcpv6_client_fqdn_fill(&data, c, (char *)&resp, n);
resp.hdr.xid = mh->xid;
diff --git a/iov.c b/iov.c index ca6a35574f1b..76d261f804ca 100644 --- a/iov.c +++ b/iov.c @@ -109,7 +109,6 @@ size_t iov_from_buf(const struct iovec *iov, size_t iov_cnt, * * Returns: The number of bytes successfully copied. */ -/* cppcheck-suppress [staticFunction] */ size_t iov_to_buf(const struct iovec *iov, size_t iov_cnt, size_t offset, void *buf, size_t bytes) {
-- Stefano