aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDave Barach <dave@barachs.net>2020-05-04 12:33:18 -0400
committerDave Wallace <dwallacelf@gmail.com>2020-05-04 21:12:03 +0000
commitbdfe5955f59a735fd8d70e9026f8c1867a4c8cc6 (patch)
treede7282d604ff926c42ef181645921e146f92a1f5
parent08ad7804d513aefff1566a00d4dc6c62b52c509d (diff)
ethernet: add sanity checks to p2p_ethernet_add/del
Binary API message handlers need to check sw_if_index values. Found in binary api fuzz testing. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I51e717e9260e58a4c36d4d95981fd001be594fed Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
-rw-r--r--src/vnet/ethernet/p2p_ethernet.api19
-rw-r--r--src/vnet/ethernet/p2p_ethernet_api.c22
2 files changed, 41 insertions, 0 deletions
diff --git a/src/vnet/ethernet/p2p_ethernet.api b/src/vnet/ethernet/p2p_ethernet.api
index 64e19a05f57..51867caaee2 100644
--- a/src/vnet/ethernet/p2p_ethernet.api
+++ b/src/vnet/ethernet/p2p_ethernet.api
@@ -18,6 +18,18 @@ option version = "1.0.0";
import "vnet/interface_types.api";
import "vnet/ethernet/ethernet_types.api";
+/** \brief Create a point-to-point (p2p) Ethernet sub-interface
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param parent_if_index - index of the parent interface
+ @param subif_id - subinterface index identifier
+ @param remote_mac - client MAC address
+ @retval VNET_API_ERROR_INVALID_SW_IF_INDEX on invalid parent_if_index
+ @retval VNET_API_ERROR_INVALID_SW_IF_INDEX_2 on invalid subif_id
+ @retval VNET_API_ERROR_BOND_SLAVE_NOT_ALLOWED
+ @retval VNET_API_ERROR_SUBIF_ALREADY_EXISTS
+ @retval VNET_API_ERROR_SUBIF_CREATE_FAILED
+*/
define p2p_ethernet_add
{
u32 client_index;
@@ -34,6 +46,13 @@ define p2p_ethernet_add_reply
vl_api_interface_index_t sw_if_index;
};
+/** \brief Delete a point-to-point (p2p) Ethernet sub-interface
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param parent_if_index - index of the parent interface
+ @param remote_mac - client MAC address
+ @retval VNET_API_ERROR_SUBIF_DOESNT_EXIST
+*/
define p2p_ethernet_del
{
u32 client_index;
diff --git a/src/vnet/ethernet/p2p_ethernet_api.c b/src/vnet/ethernet/p2p_ethernet_api.c
index 3bbda6ef361..2c75a51d2f8 100644
--- a/src/vnet/ethernet/p2p_ethernet_api.c
+++ b/src/vnet/ethernet/p2p_ethernet_api.c
@@ -55,16 +55,31 @@ vl_api_p2p_ethernet_add_t_handler (vl_api_p2p_ethernet_add_t * mp)
u32 p2pe_if_index;
u8 remote_mac[6];
+ if (!vnet_sw_if_index_is_api_valid (parent_if_index))
+ {
+ rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
+ goto bad_sw_if_index;
+ }
+ if (!vnet_sw_if_index_is_api_valid (sub_id))
+ {
+ rv = VNET_API_ERROR_INVALID_SW_IF_INDEX_2;
+ goto bad_sw_if_index;
+ }
+
clib_memcpy (remote_mac, mp->remote_mac, 6);
rv =
p2p_ethernet_add_del (vm, parent_if_index, remote_mac, sub_id, 1,
&p2pe_if_index);
+ BAD_SW_IF_INDEX_LABEL;
+
/* *INDENT-OFF* */
REPLY_MACRO2(VL_API_P2P_ETHERNET_ADD_REPLY,
({
rmp->sw_if_index = htonl(p2pe_if_index);
}));
+
+
/* *INDENT-ON* */
}
@@ -78,9 +93,16 @@ vl_api_p2p_ethernet_del_t_handler (vl_api_p2p_ethernet_del_t * mp)
u32 parent_if_index = htonl (mp->parent_if_index);
u8 remote_mac[6];
+ if (!vnet_sw_if_index_is_api_valid (parent_if_index))
+ {
+ rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
+ goto bad_sw_if_index;
+ }
+
clib_memcpy (remote_mac, mp->remote_mac, 6);
rv = p2p_ethernet_add_del (vm, parent_if_index, remote_mac, ~0, 0, 0);
+ BAD_SW_IF_INDEX_LABEL;
REPLY_MACRO (VL_API_P2P_ETHERNET_DEL_REPLY);
}