From 913863a72e5dc0da1fcbffe2cd562bb6e903a454 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sun, 12 Apr 2026 20:21:15 +0200
Subject: [PATCH] Services: Kea DHCP: Kea DHCPv6 - fix "Delegated length must
 be longer than or equal to prefix length" validation, closes
 https://github.com/opnsense/core/issues/10146

While here, also fix a prefix validation (when x::/64 is specified for example).
---
 src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php b/src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
index a6279f4a2c..a8f73eb6c4 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
@@ -87,12 +87,15 @@ class KeaDhcpv6 extends BaseModel
                 continue;
             }
             $key = $pool->__reference;
-            if ($pool->prefix_len->getValue() >= $pool->delegated_len->getValue()) {
+            if ($pool->prefix_len->asInt() > $pool->delegated_len->asInt()) {
                 $messages->appendMessage(new Message(gettext("Delegated length must be longer than or equal to prefix length"), $key . ".delegated_len"));
             }
             $subnet = $pool->prefix->getValue() . "/" . $pool->prefix_len->getValue();
             $trange = Util::cidrToRange($subnet);
-            if (!Util::isSubnetStrict($subnet)) {
+            if (empty($trange)) {
+                $messages->appendMessage(new Message(gettext("Invalid Prefix specified"), $key . ".prefix"));
+                continue;
+            } elseif (!Util::isSubnetStrict($subnet)) {
                 $messages->appendMessage(new Message(gettext("Invalid Pool boundaries, offered address is not the first address in the prefix."), $key . ".prefix"));
             }
             foreach ($this->pd_pools->pd_pool->iterateItems() as $tmppool) {