When attempting to delete an inet6 address using ifconfig on FreeBSD, if the netmask keyword is mistakenly used in place of prefixlen, ifconfig crashes with a segmentation fault. Although this is a misuse of syntax, the utility should gracefully handle the error and return a usage or invalid argument error rather than crashing. Steps to reproduce: 1) Add an IPv6 address: ifconfig lo0 inet6 2001:db8::1234/64 2) Try to delete it using the wrong keyword: ifconfig lo0 inet6 2001:db8::1234 netmask 64 delete Expected result: ifconfig should reject the unsupported netmask keyword for IPv6 with an error message and exit non-zero or treat it exactly like prefixlen? Actual result: ifconfig crashes with: Program received signal SIGSEGV, Segmentation fault. Address not mapped to object. in6_getaddr (addr_str="64", which=2) at af_inet6.c:431 431 px->set = true; System version: FreeBSD bsd-box 14.2-RELEASE-p1 FreeBSD 14.2-RELEASE-p1 GENERIC amd64 Notes: Using the correct syntax works as expected: ifconfig lo0 inet6 2001:db8::1234 prefixlen 64 delete This appears to be a missing parser alias for netmask → prefixlen in the IPv6 command table. Patch: Please see the following patch, which simply adds a netmask alias so that IPv6 treats it identically to prefixlen, preventing the NULL-deref: --- af_inet6.c.orig 2025-05-18 19:43:25.886739000 +0400 +++ af_inet6.c 2025-05-18 19:43:31.009653000 +0400 @@ -693,6 +693,7 @@ static struct cmd inet6_cmds[] = { DEF_CMD_ARG("prefixlen", setifprefixlen), + DEF_CMD_ARG("netmask", setifprefixlen), DEF_CMD("anycast", IN6_IFF_ANYCAST, setip6flags), DEF_CMD("tentative", IN6_IFF_TENTATIVE,setip6flags), DEF_CMD("-tentative", -IN6_IFF_TENTATIVE,setip6flags), This patch has been tested on 14.2-RELEASE-p1 and prevents the segfault without altering any other behavior.
Created attachment 260518 [details] fix.netmask.and.brodcast.setting.with.ifconfig.diff I don't know if we should use "netmask" keyword for prefix length, if so, at least ifconfig(8) needs to be updated along with this change. Try this patch. I will prevent segfaults.
Yeah that patch works as well
Created attachment 260519 [details] 0001-ifconfig-fix-segfaults-when-broadcast-or-netmask-are.patch Thanks for reporting. If the assignee for this bug accepts the solution, I’ve prepared a patch that can be applied using am. Of course, it's possible the bug will be resolved in a different way.
proposed patch at https://reviews.freebsd.org/D50413
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=59ee9260e6bbcc3b5654126eed6e9490315c81f1 commit 59ee9260e6bbcc3b5654126eed6e9490315c81f1 Author: Lexi Winter <ivy@FreeBSD.org> AuthorDate: 2025-05-21 03:59:59 +0000 Commit: Lexi Winter <ivy@FreeBSD.org> CommitDate: 2025-05-21 05:46:17 +0000 ifconfig: reject netmask and broadcast for inet6 We don't support setting netmask or broadcast address for INET6 addresses, and trying to do crashes ifconfig. Handle this the same way as af_link, by rejecting attempts to configure these parameters. PR: 286910 Reported by: Hayzam Sherif <hayzam@alchemilla.io> MFC after: 3 days Reviewed by: zlei, kevans, des, cy Approved by: kevans (mentor) Differential Revision: https://reviews.freebsd.org/D50413 sbin/ifconfig/af_inet6.c | 5 +++ sbin/ifconfig/tests/Makefile | 7 +++- sbin/ifconfig/tests/inet6.sh (new) | 84 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+), 2 deletions(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=cf624ffa812c90f8bd4b37f42488db1e782be883 commit cf624ffa812c90f8bd4b37f42488db1e782be883 Author: Lexi Winter <ivy@FreeBSD.org> AuthorDate: 2025-05-21 03:59:59 +0000 Commit: Lexi Winter <ivy@FreeBSD.org> CommitDate: 2025-06-01 09:14:52 +0000 ifconfig: reject netmask and broadcast for inet6 We don't support setting netmask or broadcast address for INET6 addresses, and trying to do crashes ifconfig. Handle this the same way as af_link, by rejecting attempts to configure these parameters. PR: 286910 Reported by: Hayzam Sherif <hayzam@alchemilla.io> MFC after: 3 days Reviewed by: zlei, kevans, des, cy Approved by: kevans (mentor) Differential Revision: https://reviews.freebsd.org/D50413 (cherry picked from commit 59ee9260e6bbcc3b5654126eed6e9490315c81f1) ifconfig tests: remove incorrect #! Fixes: 59ee9260e6bb ("ifconfig: reject netmask and broadcast for inet6") Reviewed by: des Differential Revision: https://reviews.freebsd.org/D50566 (cherry picked from commit 6ab70fbec4236a940275a42e301f76ade7faacbf) sbin/ifconfig/af_inet6.c | 5 +++ sbin/ifconfig/tests/Makefile | 6 ++- sbin/ifconfig/tests/inet6.sh (new) | 83 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 92 insertions(+), 2 deletions(-)
no MFC for stable/13 since the bug doesn't exist there. thanks for the detailed bug report.