diff options
author | Dave Barach <dave@barachs.net> | 2020-05-04 12:33:18 -0400 |
---|---|---|
committer | Dave Wallace <dwallacelf@gmail.com> | 2020-05-04 21:12:03 +0000 |
commit | bdfe5955f59a735fd8d70e9026f8c1867a4c8cc6 (patch) | |
tree | de7282d604ff926c42ef181645921e146f92a1f5 | |
parent | 08ad7804d513aefff1566a00d4dc6c62b52c509d (diff) |
ethernet: add sanity checks to p2p_ethernet_add/del
Binary API message handlers need to check sw_if_index
values.
Found in binary api fuzz testing.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I51e717e9260e58a4c36d4d95981fd001be594fed
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
-rw-r--r-- | src/vnet/ethernet/p2p_ethernet.api | 19 | ||||
-rw-r--r-- | src/vnet/ethernet/p2p_ethernet_api.c | 22 |
2 files changed, 41 insertions, 0 deletions
diff --git a/src/vnet/ethernet/p2p_ethernet.api b/src/vnet/ethernet/p2p_ethernet.api index 64e19a05f57..51867caaee2 100644 --- a/src/vnet/ethernet/p2p_ethernet.api +++ b/src/vnet/ethernet/p2p_ethernet.api @@ -18,6 +18,18 @@ option version = "1.0.0"; import "vnet/interface_types.api"; import "vnet/ethernet/ethernet_types.api"; +/** \brief Create a point-to-point (p2p) Ethernet sub-interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param parent_if_index - index of the parent interface + @param subif_id - subinterface index identifier + @param remote_mac - client MAC address + @retval VNET_API_ERROR_INVALID_SW_IF_INDEX on invalid parent_if_index + @retval VNET_API_ERROR_INVALID_SW_IF_INDEX_2 on invalid subif_id + @retval VNET_API_ERROR_BOND_SLAVE_NOT_ALLOWED + @retval VNET_API_ERROR_SUBIF_ALREADY_EXISTS + @retval VNET_API_ERROR_SUBIF_CREATE_FAILED +*/ define p2p_ethernet_add { u32 client_index; @@ -34,6 +46,13 @@ define p2p_ethernet_add_reply vl_api_interface_index_t sw_if_index; }; +/** \brief Delete a point-to-point (p2p) Ethernet sub-interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param parent_if_index - index of the parent interface + @param remote_mac - client MAC address + @retval VNET_API_ERROR_SUBIF_DOESNT_EXIST +*/ define p2p_ethernet_del { u32 client_index; diff --git a/src/vnet/ethernet/p2p_ethernet_api.c b/src/vnet/ethernet/p2p_ethernet_api.c index 3bbda6ef361..2c75a51d2f8 100644 --- a/src/vnet/ethernet/p2p_ethernet_api.c +++ b/src/vnet/ethernet/p2p_ethernet_api.c @@ -55,16 +55,31 @@ vl_api_p2p_ethernet_add_t_handler (vl_api_p2p_ethernet_add_t * mp) u32 p2pe_if_index; u8 remote_mac[6]; + if (!vnet_sw_if_index_is_api_valid (parent_if_index)) + { + rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; + goto bad_sw_if_index; + } + if (!vnet_sw_if_index_is_api_valid (sub_id)) + { + rv = VNET_API_ERROR_INVALID_SW_IF_INDEX_2; + goto bad_sw_if_index; + } + clib_memcpy (remote_mac, mp->remote_mac, 6); rv = p2p_ethernet_add_del (vm, parent_if_index, remote_mac, sub_id, 1, &p2pe_if_index); + BAD_SW_IF_INDEX_LABEL; + /* *INDENT-OFF* */ REPLY_MACRO2(VL_API_P2P_ETHERNET_ADD_REPLY, ({ rmp->sw_if_index = htonl(p2pe_if_index); })); + + /* *INDENT-ON* */ } @@ -78,9 +93,16 @@ vl_api_p2p_ethernet_del_t_handler (vl_api_p2p_ethernet_del_t * mp) u32 parent_if_index = htonl (mp->parent_if_index); u8 remote_mac[6]; + if (!vnet_sw_if_index_is_api_valid (parent_if_index)) + { + rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; + goto bad_sw_if_index; + } + clib_memcpy (remote_mac, mp->remote_mac, 6); rv = p2p_ethernet_add_del (vm, parent_if_index, remote_mac, ~0, 0, 0); + BAD_SW_IF_INDEX_LABEL; REPLY_MACRO (VL_API_P2P_ETHERNET_DEL_REPLY); } |