From 81b7335912ce901c61b923218bcdf06a4fdcea07 Mon Sep 17 00:00:00 2001
From: Philipp Kern <phil@philkern.de>
Date: Fri, 23 Jun 2023 10:39:52 +0200
Subject: [PATCH 1/2] sd-dhcp6-lease: ignore invalid byte(s) at the end of the
 packet

Oracle Cloud sends malformed DHCPv6 replies that have an invalid
byte at the end, which cannot be parsed as an option code.

networkd currently can cope with the invalid option (it is ignored),
but the whole packet is ignored altogether because of the additional
null at the end.

It's better to be liberal in what we accept and actually assign an
address, given that the reply contains a valid IA_NA.

Fixes #28183.
---
 src/libsystemd-network/sd-dhcp6-lease.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c
index d14c412c1fb..1c6b231db6a 100644
--- a/src/libsystemd-network/sd-dhcp6-lease.c
+++ b/src/libsystemd-network/sd-dhcp6-lease.c
@@ -465,6 +465,11 @@ static int dhcp6_lease_parse_message(
                 size_t optlen;
                 const uint8_t *optval;
 
+                if (len - offset < offsetof(DHCP6Option, data)) {
+                        log_dhcp6_client(client, "Ignoring %zu invalid byte(s) at the end of the packet", len - offset);
+                        break;
+                }
+
                 r = dhcp6_option_parse(message->options, len, &offset, &optcode, &optlen, &optval);
                 if (r < 0)
                         return log_dhcp6_client_errno(client, r,

From 894f4417640286fa350203d70d858e11e261a3e0 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 30 Jun 2023 01:14:00 +0900
Subject: [PATCH 2/2] test: add test for trailing invalid byte at the end

---
 src/libsystemd-network/test-dhcp6-client.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c
index 00c11909c92..6b1842f1f89 100644
--- a/src/libsystemd-network/test-dhcp6-client.c
+++ b/src/libsystemd-network/test-dhcp6-client.c
@@ -461,6 +461,8 @@ TEST(client_parse_message_issue_24002) {
                 0x20, 0x03, 0x00, 0xff, 0xaa, 0xbb, 0xcc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* prefix */
                 /* Rapid commit */
                 0x00, 0x0e, 0x00, 0x00,
+                /* Trailing invalid byte at the end. See issue #28183. */
+                00,
         };
         static const uint8_t duid[] = {
                 0x00, 0x00, 0xab, 0x11, 0x5c, 0x6b, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,