From e7f34c93b1c928855f88896c5bdd2bc539ee77ae Mon Sep 17 00:00:00 2001
From: Gavril Florian <gflorian@3nets.io>
Date: Thu, 15 Jun 2023 18:39:57 +0000
Subject: fib: Crash when specify a big prefix length from CLI.

The VPP is crashing when specify a very big prefix length, like
ip route add 1.1.1.1/55 via 2.2.2.2

Type: fix

Signed-off-by: Gavril Florian <gflorian@3nets.io>
Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5
---
 src/vnet/error.h       |  3 ++-
 src/vnet/fib/fib_api.c |  3 +++
 src/vnet/ip/lookup.c   | 27 +++++++++++++++++++++++++++
 src/vnet/ip/lookup.h   |  1 +
 4 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/vnet/error.h b/src/vnet/error.h
index 3feb8ff04a1..fa1337538c4 100644
--- a/src/vnet/error.h
+++ b/src/vnet/error.h
@@ -158,7 +158,8 @@
   _ (BUSY, -167, "Busy")                                                      \
   _ (BUG, -168, "Bug")                                                        \
   _ (FEATURE_ALREADY_DISABLED, -169, "Feature already disabled")              \
-  _ (FEATURE_ALREADY_ENABLED, -170, "Feature already enabled")
+  _ (FEATURE_ALREADY_ENABLED, -170, "Feature already enabled")                \
+  _ (INVALID_PREFIX_LENGTH, -171, "Invalid prefix length")
 
 typedef enum
 {
diff --git a/src/vnet/fib/fib_api.c b/src/vnet/fib/fib_api.c
index c8511c08eba..07d6699d87a 100644
--- a/src/vnet/fib/fib_api.c
+++ b/src/vnet/fib/fib_api.c
@@ -448,6 +448,9 @@ fib_api_route_add_del (u8 is_add,
                        fib_entry_flag_t entry_flags,
                        fib_route_path_t *rpaths)
 {
+    if (!fib_prefix_validate(prefix)) {
+          return (VNET_API_ERROR_INVALID_PREFIX_LENGTH);
+    }
     if (is_multipath)
     {
         if (vec_len(rpaths) == 0)
diff --git a/src/vnet/ip/lookup.c b/src/vnet/ip/lookup.c
index 5ac2a9c17e2..80a35fefdfc 100644
--- a/src/vnet/ip/lookup.c
+++ b/src/vnet/ip/lookup.c
@@ -220,6 +220,27 @@ const ip46_address_t zero_addr = {
 	     0, 0},
 };
 
+bool
+fib_prefix_validate (const fib_prefix_t *prefix)
+{
+  if (FIB_PROTOCOL_IP4 == prefix->fp_proto)
+    {
+      if (prefix->fp_len > 32)
+	{
+	  return false;
+	}
+    }
+
+  if (FIB_PROTOCOL_IP6 == prefix->fp_proto)
+    {
+      if (prefix->fp_len > 128)
+	{
+	  return false;
+	}
+    }
+  return true;
+}
+
 static clib_error_t *
 vnet_ip_route_cmd (vlib_main_t * vm,
 		   unformat_input_t * main_input, vlib_cli_command_t * cmd)
@@ -353,6 +374,12 @@ vnet_ip_route_cmd (vlib_main_t * vm,
 		.fp_addr = prefixs[i].fp_addr,
 	      };
 
+	      if (!fib_prefix_validate (&rpfx))
+		{
+		  vlib_cli_output (vm, "Invalid prefix len: %d", rpfx.fp_len);
+		  continue;
+		}
+
 	      if (is_del)
 		fib_table_entry_path_remove2 (fib_index,
 					      &rpfx, FIB_SOURCE_CLI, rpaths);
diff --git a/src/vnet/ip/lookup.h b/src/vnet/ip/lookup.h
index aa998273213..4489df1aed8 100644
--- a/src/vnet/ip/lookup.h
+++ b/src/vnet/ip/lookup.h
@@ -179,6 +179,7 @@ ip_lookup_set_buffer_fib_index (u32 * fib_index_by_sw_if_index,
 }
 
 void ip_lookup_init (ip_lookup_main_t * lm, u32 ip_lookup_node_index);
+bool fib_prefix_validate (const fib_prefix_t *prefix);
 
 #endif /* included_ip_lookup_h */
 /*
-- 
cgit 1.2.3-korg