From 3cab64296a5e0739552f1d959c5efc7fd49cc1d5 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 16 Jan 2018 20:44:06 -0500
Subject: add check for ipv6 address syntax
---
 src/firejail/main.c | 16 +++++++++-------
 src/firejail/network.c | 21 ++++++++++++++++++++-
 src/firejail/profile.c | 16 +++++++++-------
 3 files changed, 38 insertions(+), 15 deletions(-)
(limited to 'src')
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b2b4fe525..9cd89d42c 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2034,18 +2034,20 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: no network device configured\n");
 exit(1);
 }
- if (br->arg_ip_none || br->ip6sandbox) {
+ if (br->ip6sandbox) {
 fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
 exit(1);
 }
 // configure this IP address for the last bridge defined
- // todo: verify ipv6 syntax
- br->ip6sandbox = argv[i] + 6;
-// if (atoip(argv[i] + 5, &br->ipsandbox)) {
-// fprintf(stderr, "Error: invalid IP address\n");
-// exit(1);
-// }
+ if (check_ip46_address(argv[i] + 6) == 0) {
+ fprintf(stderr, "Error: invalid IPv6 address\n");
+ exit(1);
+ }
+
+ br->ip6sandbox = strdup(argv[i] + 6);
+ if (br->ip6sandbox == NULL)
+ errExit("strdup");
 }
 else
 exit_err_feature("networking");
diff --git a/src/firejail/network.c b/src/firejail/network.c
index 5ebaf873c..7b84854d3 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -37,8 +37,27 @@ int check_ip46_address(const char *addr) {
 // check ipv6 address
 struct in6_addr result;
- if (inet_pton(AF_INET6, addr, &result) == 1)
+
+ char *tmpstr = strdup(addr);
+ if (!tmpstr)
+ errExit("strdup");
+ char *ptr = strchr(tmpstr, '/');
+ if (ptr) {
+ *ptr = '\0';
+ ptr++;
+ int mask = atoi(ptr);
+ // check the network mask
+ if (mask < 0 || mask > 128) {
+ free(tmpstr);
+ return 0;
+ }
+ }
+ if (inet_pton(AF_INET6, tmpstr, &result) == 1) {
+ free(tmpstr);
 return 1;
+ }
+
+ free(tmpstr);
 // failed
 return 0;
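Review bot: The `--ip6=` value is validated with `check_ip46_address()`, whose name and the `// check ipv6 address` label partway through its body (network.c hunk) suggest it accepts IPv4 literals too, so an IPv4 value would probably end up in `br->ip6sandbox` despite the "invalid IPv6 address" message. If so, the IPv6 half of that helper should be split out and called here, and until then the call deserves a marker such as `// NOTE: check_ip46_address() may also accept IPv4; ip6sandbox needs an IPv6-only check`. The identical block in the profile.c hunk is affected the same way. The guard above also drops `br->arg_ip_none` without the subject line mentioning it; a short comment stating why that case no longer blocks an IPv6 address would help. The enclosing branch of main() starts and ends outside this hunk, so this is judged from the visible lines only.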
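Review bot: The prefix length is parsed with `atoi(ptr)`, which accepts an empty string, trailing garbage and a leading sign or whitespace (constructed examples: a bare `/` or `/64abc` both pass the 0–128 range test) and has undefined behaviour when the number overflows, while the callers in main.c and profile.c then store the original string with that suffix still attached. Parsing with `strtol`, requiring a leading digit and checking that the whole suffix was consumed closes the gap; an overflowing value saturates and fails the range test. Because this helper looks shared, accepting a `/prefix` here presumably also widens what any other caller accepts, which is worth confirming. The function starts before this hunk, so the IPv4 part of the check is not visible.

```c
		ptr++;
		// the prefix must be all digits: atoi() also accepts "", "64abc" and " +64"
		char *end = NULL;
		long mask = strtol(ptr, &end, 10);
		if (*ptr < '0' || *ptr > '9' || *end != '\0' || mask > 128) {
			// ... unchanged: free(tmpstr); return 0; ...
```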
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index c14f2b1f3..d0c43d13e 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -502,18 +502,20 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: no network device configured\n");
 exit(1);
 }
- if (br->arg_ip_none || br->ip6sandbox) {
+ if (br->ip6sandbox) {
 fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
 exit(1);
 }
 // configure this IP address for the last bridge defined
- // todo: verify ipv6 syntax
- br->ip6sandbox = ptr + 4;
-// if (atoip(argv[i] + 5, &br->ipsandbox)) {
-// fprintf(stderr, "Error: invalid IP address\n");
-// exit(1);
-// }
+ if (check_ip46_address(ptr + 4) == 0) {
+ fprintf(stderr, "Error: invalid IPv6 address\n");
+ exit(1);
+ }
+
+ br->ip6sandbox = strdup(ptr + 4);
+ if (br->ip6sandbox == NULL)
+ errExit("strdup");
 }
 else
-- cgit v1.2.3-54-g00ecf