diff options
| author |   Vladislav Grishenko <themiron@yandex-team.ru> | 2022-09-16 17:01:00 +0000 |
|---|---|---|
| committer |   Neale Ranns <neale@graphiant.com> | 2022-09-19 01:46:57 +0000 |
| commit | a58dae61aea7e781a27ce65462dd38ab55e8599c (patch) | |
| tree | a4274eaf16724c1c3bd8227406fe0d20b3ccac98 | |
| parent | 755b529c11d37f839dfba91127657a47390b88a2 (diff) | |
igmp: validate ip router alert option length
It's known there're one or more 32-bit increments in the ip
header. So just check ip router alert option length with minimal
performance impact, and don't care of the total options length.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
| -rw-r--r-- | src/vnet/ip/ip4_options.c | 5 | ||||
| -rw-r--r-- | test/test_igmp.py | 60 |
2 files changed, 50 insertions, 15 deletions
diff --git a/src/vnet/ip/ip4_options.c b/src/vnet/ip/ip4_options.c index 9b01151a1f0..6ef6b6030cc 100644 --- a/src/vnet/ip/ip4_options.c +++ b/src/vnet/ip/ip4_options.c @@ -78,6 +78,11 @@ VLIB_NODE_FN (ip4_options_node) (vlib_main_t * vm, { case IP4_ROUTER_ALERT_OPTION: /* + * check the option length + */ + if (options[1] != 4) + break; + /* * if it's an IGMP packet, pass up the local stack */ if (IP_PROTOCOL_IGMP == ip4->protocol) diff --git a/test/test_igmp.py b/test/test_igmp.py index 6e9defd4c1d..d1189f57830 100644 --- a/test/test_igmp.py +++ b/test/test_igmp.py @@ -218,7 +218,9 @@ class TestIgmp(VppTestCase): dst="239.1.1.1", tos=0xC0, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Membership Query", mrcode=100) @@ -241,7 +243,9 @@ class TestIgmp(VppTestCase): dst="239.1.1.1", tos=0xC0, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Membership Query", mrcode=100) @@ -264,7 +268,9 @@ class TestIgmp(VppTestCase): dst="239.1.1.1", tos=0xC0, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Membership Query", mrcode=100) @@ -284,7 +290,9 @@ class TestIgmp(VppTestCase): dst="239.1.1.1", tos=0xC0, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Membership Query", mrcode=100) @@ -305,7 +313,9 @@ class TestIgmp(VppTestCase): dst="239.1.1.1", tos=0xC0, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Membership Query", mrcode=100) @@ -368,7 +378,9 @@ class TestIgmp(VppTestCase): dst="239.1.1.1", tos=0xC0, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Membership Query", mrcode=100) @@ -581,7 +593,9 @@ class TestIgmp(VppTestCase): tos=0xC0, ttl=1, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Version 3 Membership Report") @@ -599,7 +613,9 @@ class TestIgmp(VppTestCase): dst="224.0.0.22", tos=0xC0, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Version 3 Membership Report") @@ -695,7 +711,9 @@ class TestIgmp(VppTestCase): dst="224.0.0.22", tos=0xC0, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Version 3 Membership Report") @@ -769,7 +787,9 @@ class TestIgmp(VppTestCase): tos=0xC0, ttl=1, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Version 3 Membership Report") @@ -791,7 +811,9 @@ class TestIgmp(VppTestCase): tos=0xC0, ttl=1, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Version 3 Membership Report") @@ -817,7 +839,9 @@ class TestIgmp(VppTestCase): tos=0xC0, ttl=1, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Version 3 Membership Report") @@ -844,7 +868,9 @@ class TestIgmp(VppTestCase): tos=0xC0, ttl=1, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Version 3 Membership Report") @@ -865,7 +891,9 @@ class TestIgmp(VppTestCase): tos=0xC0, ttl=1, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Version 3 Membership Report") @@ -894,7 +922,9 @@ class TestIgmp(VppTestCase): tos=0xC0, ttl=1, options=[ - IPOption(copy_flag=1, optclass="control", option="router_alert") + IPOption( + copy_flag=1, optclass="control", option="router_alert", length=4 + ) ], ) / IGMPv3(type="Version 3 Membership Report") |