[master] Server now handles prefix/pool prefix length mismatches

Merged in 35378.

RELNOTES

@@ -1064,6 +1064,17 @@ by Eric Young (eay@cryptsoft.com).
   the issue to our attention.
   [ISC-Bugs #41976]
 
+- The server nows checks both the address and length of a prefix delegation
+  when attempting to match it to a prefix pool.  This ensures the server
+  responds properly when pool configurations change such that once valid,
+  "in-pool" delegations are now treated as being invalid.  During lease
+  file loading at startup, the server will discard any PD leases that
+  are deemed "out-of-pool" either by address or mis-matched prefix length.
+  Clients seeking to renew or rebind such leases will get a response of
+  No Binding in the case of the former, and the prefix delegation with
+  lifetimes set to zero in the case of the latter.
+  [ISC-Bugs #35378]
+
 			Changes since 4.2.0 (new features)
 
 - If a client renews before 'dhcp-cache-threshold' percent of its lease

server/confpars.c

@@ -5974,13 +5974,16 @@ parse_ia_pd_declaration(struct parse *cfile) {
 			executable_statement_dereference (&on_star[i], MDL);
 		}
 			
-		/* find the pool this address is in */
+		/* Find the pool this address is in. We need to check prefix
+		 * lengths too in case the pool has been reconfigured. */
 		pool = NULL;
-		if (find_ipv6_pool(&pool, D6O_IA_PD,
+		if ((find_ipv6_pool(&pool, D6O_IA_PD,
-				   &iapref->addr) != ISC_R_SUCCESS) {
+				   &iapref->addr) != ISC_R_SUCCESS) ||
+		     (pool->units != iapref->plen)) {
 			inet_ntop(AF_INET6, &iapref->addr,
 				  addr_buf, sizeof(addr_buf));
-			log_error("No pool found for prefix %s", addr_buf);
+			log_error("No pool found for prefix %s/%d", addr_buf,
+				  iapref->plen);
 			iasubopt_dereference(&iapref, MDL);
 			continue;
 		}

server/dhcpv6.c

@@ -1437,22 +1437,25 @@ try_client_v6_prefix(struct iasubopt **pref,
 	if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
 		return DHCP_R_INVALIDARG;
 	}
+
 	tmp_plen = (int) requested_pref->data[0];
-	if ((tmp_plen < 3) || (tmp_plen > 128) ||
+	if ((tmp_plen < 3) || (tmp_plen > 128)) {
-	    ((int)tmp_plen != pool->units)) {
 		return ISC_R_FAILURE;
 	}
+
 	memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
 	if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
 		return ISC_R_FAILURE;
 	}
+
 	ia.len = 16;
 	memcpy(&ia.iabuf, &tmp_pref, 16);
 	if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
 		return ISC_R_FAILURE;
 	}
 
-	if (!ipv6_in_pool(&tmp_pref, pool)) {
+	if (!ipv6_in_pool(&tmp_pref, pool) ||
+	    ((int)tmp_plen != pool->units)) {
 		return ISC_R_ADDRNOTAVAIL;
 	}
 
@@ -1464,6 +1467,7 @@ try_client_v6_prefix(struct iasubopt **pref,
 	if (result != ISC_R_SUCCESS) {
 		return result;
 	}
+
 	(*pref)->addr = tmp_pref;
 	(*pref)->plen = tmp_plen;
 
@@ -1472,6 +1476,7 @@ try_client_v6_prefix(struct iasubopt **pref,
 	if (result != ISC_R_SUCCESS) {
 		iasubopt_dereference(pref, MDL);
 	}
+
 	return result;
 }
 
@@ -1688,13 +1693,6 @@ eval_prefix_mode(int len, int preflen, int prefix_mode) {
 		break;
 	}
 
-#if defined (DEBUG)
-	log_debug("eval_prefix_mode: "
-		  "len %d, preflen %d, mode %s, use_it %d",
-		  len, preflen,
-		  prefix_length_modes.values[prefix_mode].name, use_it);
-#endif
-
 	return (use_it);
 }