diff options
author | Neale Ranns <nranns@cisco.com> | 2018-07-11 09:21:06 -0700 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2018-07-12 10:26:10 +0000 |
commit | 582856273c96113a460896a5ff9aa9a29dc73336 (patch) | |
tree | dea27e72aad1b1dbb5820e5571d0c87097831f47 /src/plugins/igmp/igmp_report.c | |
parent | daa1276fbfdb11e9c705b5ea05e83570b8163ad8 (diff) |
IGMP: validate the packets length in the DP
thanks to coverity... validate that the length of the packet on
wire matches the size of the header based on the number of groups
and sources. drop those that don't match.
Change-Id: Iab3f3a835f6a43d9c73c5d502ea5ceccdd6985b0
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/plugins/igmp/igmp_report.c')
-rw-r--r-- | src/plugins/igmp/igmp_report.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/plugins/igmp/igmp_report.c b/src/plugins/igmp/igmp_report.c index 328b890c15e..2caa9361b70 100644 --- a/src/plugins/igmp/igmp_report.c +++ b/src/plugins/igmp/igmp_report.c @@ -25,6 +25,10 @@ igmp_group_mk_source_list (const igmp_membership_group_v3_t * r) const ip4_address_t *s; u16 ii, n; + /* + * we validated this packet when we accepted it in the DP, so + * this number is safe to use + */ n = clib_net_to_host_u16 (r->n_src_addresses); if (0 == n) @@ -172,6 +176,10 @@ igmp_handle_report (const igmp_report_args_t * args) return; } + /* + * we validated this packet when we accepted it in the DP, so + * this number is safe to use + */ n_groups = clib_net_to_host_u16 (args->report[0].n_groups); igmp_group = args->report[0].groups; |