nat: deterministic: disallow invalid config

Prevent overflow if input network prefix is too small and crash on packet #1 due to vector not being allocated/initialized. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I3494cc62ce889df48cc59cc9340b5dd70338c3a8 (cherry picked from commit f3d7bd9d4d652b1c4b687267acdb9fdb908a74bd)
author: Klement Sekera <ksekera@cisco.com> 2020-06-23 13:12:33 +0000
committer: Andrew Yourtchenko <ayourtch@gmail.com> 2020-08-18 19:47:21 +0000
commit: bef1019aa30a93c4eb4ca7da48651c920609b23c (patch)
tree: e12c582a216c3298f0252626e6e9195ecef5bc19 /src/plugins/nat/nat44_cli.c
parent: ccaef621a8f11ac84b29d2b86c931facb4aa22b0 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c
index e9d3ff5426f..8910f1c6c0a 100644
--- a/src/plugins/nat/nat44_cli.c
+++ b/src/plugins/nat/nat44_cli.c
@@ -1528,8 +1528,13 @@ snat_det_map_command_fn (vlib_main_t * vm,
 	}
     }
 
-  rv = snat_det_add_map (sm, &in_addr, (u8) in_plen, &out_addr, (u8) out_plen,
-			 is_add);
+  if (in_plen > 32 || out_plen > 32)
+    {
+      error = clib_error_return (0, "network prefix length must be <= 32");
+      goto done;
+    }
+
+  rv = snat_det_add_map (sm, &in_addr, in_plen, &out_addr, out_plen, is_add);
 
   if (rv)
     {
author	Klement Sekera <ksekera@cisco.com>	2020-06-23 13:12:33 +0000
committer	Andrew Yourtchenko <ayourtch@gmail.com>	2020-08-18 19:47:21 +0000
commit	bef1019aa30a93c4eb4ca7da48651c920609b23c (patch)
tree	e12c582a216c3298f0252626e6e9195ecef5bc19 /src/plugins/nat/nat44_cli.c
parent	ccaef621a8f11ac84b29d2b86c931facb4aa22b0 (diff)