search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vendor/OPENSSH: upgrade from 8.8p1 top 9.1p1
[dragonfly.git] / crypto / openssh / addr.c
blobabf3e3d9781810008863f1d097e03c436980b968
1 /* $OpenBSD: addr.c,v 1.5 2022/04/29 04:55:07 djm Exp $ */
2
3 /*
4 * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 #include "includes.h"
20
21 #include <sys/types.h>
22 #include <sys/socket.h>
23 #include <netinet/in.h>
24 #include <arpa/inet.h>
25
26 #include <netdb.h>
27 #include <string.h>
28 #include <stdlib.h>
29 #include <stdio.h>
30
31 #include "addr.h"
32
33 #define _SA(x) ((struct sockaddr *)(x))
34
35 int
36 addr_unicast_masklen(int af)
37 {
38 switch (af) {
39 case AF_INET:
40 return 32;
41 case AF_INET6:
42 return 128;
43 default:
44 return -1;
45 }
46 }
47
48 static inline int
49 masklen_valid(int af, u_int masklen)
50 {
51 switch (af) {
52 case AF_INET:
53 return masklen <= 32 ? 0 : -1;
54 case AF_INET6:
55 return masklen <= 128 ? 0 : -1;
56 default:
57 return -1;
58 }
59 }
60
61 int
62 addr_xaddr_to_sa(const struct xaddr *xa, struct sockaddr *sa, socklen_t *len,
63 u_int16_t port)
64 {
65 struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
66 struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
67
68 if (xa == NULL || sa == NULL || len == NULL)
69 return -1;
70
71 switch (xa->af) {
72 case AF_INET:
73 if (*len < sizeof(*in4))
74 return -1;
75 memset(sa, '\0', sizeof(*in4));
76 *len = sizeof(*in4);
77 #ifdef SOCK_HAS_LEN
78 in4->sin_len = sizeof(*in4);
79 #endif
80 in4->sin_family = AF_INET;
81 in4->sin_port = htons(port);
82 memcpy(&in4->sin_addr, &xa->v4, sizeof(in4->sin_addr));
83 break;
84 case AF_INET6:
85 if (*len < sizeof(*in6))
86 return -1;
87 memset(sa, '\0', sizeof(*in6));
88 *len = sizeof(*in6);
89 #ifdef SOCK_HAS_LEN
90 in6->sin6_len = sizeof(*in6);
91 #endif
92 in6->sin6_family = AF_INET6;
93 in6->sin6_port = htons(port);
94 memcpy(&in6->sin6_addr, &xa->v6, sizeof(in6->sin6_addr));
95 #ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
96 in6->sin6_scope_id = xa->scope_id;
97 #endif
98 break;
99 default:
100 return -1;
101 }
102 return 0;
103 }
104
105 /*
106 * Convert struct sockaddr to struct xaddr
107 * Returns 0 on success, -1 on failure.
108 */
109 int
110 addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
111 {
112 struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
113 struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
114
115 memset(xa, '\0', sizeof(*xa));
116
117 switch (sa->sa_family) {
118 case AF_INET:
119 if (slen < (socklen_t)sizeof(*in4))
120 return -1;
121 xa->af = AF_INET;
122 memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
123 break;
124 case AF_INET6:
125 if (slen < (socklen_t)sizeof(*in6))
126 return -1;
127 xa->af = AF_INET6;
128 memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
129 #ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
130 xa->scope_id = in6->sin6_scope_id;
131 #endif
132 break;
133 default:
134 return -1;
135 }
136
137 return 0;
138 }
139
140 int
141 addr_invert(struct xaddr *n)
142 {
143 int i;
144
145 if (n == NULL)
146 return -1;
147
148 switch (n->af) {
149 case AF_INET:
150 n->v4.s_addr = ~n->v4.s_addr;
151 return 0;
152 case AF_INET6:
153 for (i = 0; i < 4; i++)
154 n->addr32[i] = ~n->addr32[i];
155 return 0;
156 default:
157 return -1;
158 }
159 }
160
161 /*
162 * Calculate a netmask of length 'l' for address family 'af' and
163 * store it in 'n'.
164 * Returns 0 on success, -1 on failure.
165 */
166 int
167 addr_netmask(int af, u_int l, struct xaddr *n)
168 {
169 int i;
170
171 if (masklen_valid(af, l) != 0 || n == NULL)
172 return -1;
173
174 memset(n, '\0', sizeof(*n));
175 switch (af) {
176 case AF_INET:
177 n->af = AF_INET;
178 if (l == 0)
179 return 0;
180 n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
181 return 0;
182 case AF_INET6:
183 n->af = AF_INET6;
184 for (i = 0; i < 4 && l >= 32; i++, l -= 32)
185 n->addr32[i] = 0xffffffffU;
186 if (i < 4 && l != 0)
187 n->addr32[i] = htonl((0xffffffff << (32 - l)) &
188 0xffffffff);
189 return 0;
190 default:
191 return -1;
192 }
193 }
194
195 int
196 addr_hostmask(int af, u_int l, struct xaddr *n)
197 {
198 if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1)
199 return -1;
200 return 0;
201 }
202
203 /*
204 * Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
205 * Returns 0 on success, -1 on failure.
206 */
207 int
208 addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
209 {
210 int i;
211
212 if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
213 return -1;
214
215 memcpy(dst, a, sizeof(*dst));
216 switch (a->af) {
217 case AF_INET:
218 dst->v4.s_addr &= b->v4.s_addr;
219 return 0;
220 case AF_INET6:
221 dst->scope_id = a->scope_id;
222 for (i = 0; i < 4; i++)
223 dst->addr32[i] &= b->addr32[i];
224 return 0;
225 default:
226 return -1;
227 }
228 }
229
230 int
231 addr_cmp(const struct xaddr *a, const struct xaddr *b)
232 {
233 int i;
234
235 if (a->af != b->af)
236 return (a->af == AF_INET6 ? 1 : -1);
237
238 switch (a->af) {
239 case AF_INET:
240 /*
241 * Can't just subtract here as 255.255.255.255 - 0.0.0.0 is
242 * too big to fit into a signed int
243 */
244 if (a->v4.s_addr == b->v4.s_addr)
245 return 0;
246 return (ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1);
247 case AF_INET6:
248 /*
249 * Do this a byte at a time to avoid the above issue and
250 * any endian problems
251 */
252 for (i = 0; i < 16; i++)
253 if (a->addr8[i] - b->addr8[i] != 0)
254 return (a->addr8[i] - b->addr8[i]);
255 if (a->scope_id == b->scope_id)
256 return (0);
257 return (a->scope_id > b->scope_id ? 1 : -1);
258 default:
259 return (-1);
260 }
261 }
262
263 int
264 addr_is_all0s(const struct xaddr *a)
265 {
266 int i;
267
268 switch (a->af) {
269 case AF_INET:
270 return (a->v4.s_addr == 0 ? 0 : -1);
271 case AF_INET6:
272 for (i = 0; i < 4; i++)
273 if (a->addr32[i] != 0)
274 return -1;
275 return 0;
276 default:
277 return -1;
278 }
279 }
280
281 /*
282 * Test whether host portion of address 'a', as determined by 'masklen'
283 * is all zeros.
284 * Returns 0 if host portion of address is all-zeros,
285 * -1 if not all zeros or on failure.
286 */
287 int
288 addr_host_is_all0s(const struct xaddr *a, u_int masklen)
289 {
290 struct xaddr tmp_addr, tmp_mask, tmp_result;
291
292 memcpy(&tmp_addr, a, sizeof(tmp_addr));
293 if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
294 return -1;
295 if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1)
296 return -1;
297 return addr_is_all0s(&tmp_result);
298 }
299
300 /*
301 * Parse string address 'p' into 'n'.
302 * Returns 0 on success, -1 on failure.
303 */
304 int
305 addr_pton(const char *p, struct xaddr *n)
306 {
307 struct addrinfo hints, *ai;
308
309 memset(&hints, '\0', sizeof(hints));
310 hints.ai_flags = AI_NUMERICHOST;
311
312 if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
313 return -1;
314
315 if (ai == NULL)
316 return -1;
317
318 if (ai->ai_addr == NULL) {
319 freeaddrinfo(ai);
320 return -1;
321 }
322
323 if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen,
324 n) == -1) {
325 freeaddrinfo(ai);
326 return -1;
327 }
328
329 freeaddrinfo(ai);
330 return 0;
331 }
332
333 int
334 addr_sa_pton(const char *h, const char *s, struct sockaddr *sa, socklen_t slen)
335 {
336 struct addrinfo hints, *ai;
337
338 memset(&hints, '\0', sizeof(hints));
339 hints.ai_flags = AI_NUMERICHOST;
340
341 if (h == NULL || getaddrinfo(h, s, &hints, &ai) != 0)
342 return -1;
343
344 if (ai == NULL)
345 return -1;
346
347 if (ai->ai_addr == NULL) {
348 freeaddrinfo(ai);
349 return -1;
350 }
351
352 if (sa != NULL) {
353 if (slen < ai->ai_addrlen) {
354 freeaddrinfo(ai);
355 return -1;
356 }
357 memcpy(sa, &ai->ai_addr, ai->ai_addrlen);
358 }
359
360 freeaddrinfo(ai);
361 return 0;
362 }
363
364 int
365 addr_ntop(const struct xaddr *n, char *p, size_t len)
366 {
367 struct sockaddr_storage ss;
368 socklen_t slen = sizeof(ss);
369
370 if (addr_xaddr_to_sa(n, _SA(&ss), &slen, 0) == -1)
371 return -1;
372 if (p == NULL || len == 0)
373 return -1;
374 if (getnameinfo(_SA(&ss), slen, p, len, NULL, 0,
375 NI_NUMERICHOST) == -1)
376 return -1;
377
378 return 0;
379 }
380
381 /*
382 * Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z).
383 * Return -1 on parse error, -2 on inconsistency or 0 on success.
384 */
385 int
386 addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
387 {
388 struct xaddr tmp;
389 long unsigned int masklen = 999;
390 char addrbuf[64], *mp, *cp;
391
392 /* Don't modify argument */
393 if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
394 return -1;
395
396 if ((mp = strchr(addrbuf, '/')) != NULL) {
397 *mp = '\0';
398 mp++;
399 masklen = strtoul(mp, &cp, 10);
400 if (*mp < '0' || *mp > '9' || *cp != '\0' || masklen > 128)
401 return -1;
402 }
403
404 if (addr_pton(addrbuf, &tmp) == -1)
405 return -1;
406
407 if (mp == NULL)
408 masklen = addr_unicast_masklen(tmp.af);
409 if (masklen_valid(tmp.af, masklen) == -1)
410 return -2;
411 if (addr_host_is_all0s(&tmp, masklen) != 0)
412 return -2;
413
414 if (n != NULL)
415 memcpy(n, &tmp, sizeof(*n));
416 if (l != NULL)
417 *l = masklen;
418
419 return 0;
420 }
421
422 int
423 addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen)
424 {
425 struct xaddr tmp_mask, tmp_result;
426
427 if (host->af != net->af)
428 return -1;
429
430 if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
431 return -1;
432 if (addr_and(&tmp_result, host, &tmp_mask) == -1)
433 return -1;
434 return addr_cmp(&tmp_result, net);
435 }
DragonFly BSD