ethernet: add sanity checks to p2p_ethernet_add/del

Binary API message handlers need to check sw_if_index
values.

Found in binary api fuzz testing.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I51e717e9260e58a4c36d4d95981fd001be594fed
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>

1 files changed, 22 insertions, 0 deletions

diff --git a/src/vnet/ethernet/p2p_ethernet_api.c b/src/vnet/ethernet/p2p_ethernet_api.c
index 3bbda6ef361..2c75a51d2f8 100644
--- a/src/vnet/ethernet/p2p_ethernet_api.c
+++ b/src/vnet/ethernet/p2p_ethernet_api.c
@@ -55,16 +55,31 @@ vl_api_p2p_ethernet_add_t_handler (vl_api_p2p_ethernet_add_t * mp)
   u32 p2pe_if_index;
   u8 remote_mac[6];
 
+  if (!vnet_sw_if_index_is_api_valid (parent_if_index))
+    {
+      rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
+      goto bad_sw_if_index;
+    }
+  if (!vnet_sw_if_index_is_api_valid (sub_id))
+    {
+      rv = VNET_API_ERROR_INVALID_SW_IF_INDEX_2;
+      goto bad_sw_if_index;
+    }
+
   clib_memcpy (remote_mac, mp->remote_mac, 6);
   rv =
     p2p_ethernet_add_del (vm, parent_if_index, remote_mac, sub_id, 1,
 			  &p2pe_if_index);
 
+  BAD_SW_IF_INDEX_LABEL;
+
   /* *INDENT-OFF* */
   REPLY_MACRO2(VL_API_P2P_ETHERNET_ADD_REPLY,
   ({
     rmp->sw_if_index = htonl(p2pe_if_index);
   }));
+
+
   /* *INDENT-ON* */
 }
 
@@ -78,9 +93,16 @@ vl_api_p2p_ethernet_del_t_handler (vl_api_p2p_ethernet_del_t * mp)
   u32 parent_if_index = htonl (mp->parent_if_index);
   u8 remote_mac[6];
 
+  if (!vnet_sw_if_index_is_api_valid (parent_if_index))
+    {
+      rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
+      goto bad_sw_if_index;
+    }
+
   clib_memcpy (remote_mac, mp->remote_mac, 6);
   rv = p2p_ethernet_add_del (vm, parent_if_index, remote_mac, ~0, 0, 0);
 
+  BAD_SW_IF_INDEX_LABEL;
   REPLY_MACRO (VL_API_P2P_ETHERNET_DEL_REPLY);
 }