author | Klement Sekera <ksekera@cisco.com> | 2021-11-22 21:26:20 +0100 |
---|---|---|
committer | Ole Tr�an <otroan@employees.org> | 2021-12-14 09:15:48 +0000 |
commit | 9b7e8acf792cced80e6775bc5668d9db415cdb46 (patch) | |
tree | b600764a60f9978017a567390a025d2777b864a1 /src/vnet | |
parent | 755042dec0fcc733d456adc2a74042c529eff039 (diff) |
api: verify message size on receipt
When a message is received, verify that it's sufficiently large to
accommodate any VLAs within message. To do that, we need a way to
calculate message size including any VLAs. This patch adds such
functionality to vppapigen and necessary C code to use those to validate
message size on receipt. Drop messages which are malformed.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2903aa21dee84be6822b064795ba314de46c18f4
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/ip/ip_api.c | 4 | ||||
-rw-r--r-- | src/vnet/ip/ip_test.c | 4 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_test.c | 4 | ||||
-rw-r--r-- | src/vnet/l2/l2_test.c | 4 | ||||
-rw-r--r-- | src/vnet/srmpls/sr_mpls_api.c | 13 |
5 files changed, 25 insertions, 4 deletions
diff --git a/src/vnet/ip/ip_api.c b/src/vnet/ip/ip_api.c
index e197057d8c5..b1b7ff3a7ae 100644
--- a/src/vnet/ip/ip_api.c
+++ b/src/vnet/ip/ip_api.c
@@ -514,7 +514,9 @@ vl_api_add_del_ip_punt_redirect_v2_t_handler (
 goto out;
 if (0 != n_paths)
- vec_validate (rpaths, n_paths - 1);
+ {
+ vec_validate (rpaths, n_paths - 1);
+ }
 for (ii = 0; ii < n_paths; ii++)
 {
diff --git a/src/vnet/ip/ip_test.c b/src/vnet/ip/ip_test.c
index c47cd3d208e..f87b47f8912 100644
--- a/src/vnet/ip/ip_test.c
+++ b/src/vnet/ip/ip_test.c
@@ -36,6 +36,10 @@
 #include <vnet/ip/ip.api.h>
 #undef vl_endianfun
+#define vl_calcsizefun
+#include <vnet/ip/ip.api.h>
+#undef vl_calcsizefun
+
 typedef struct
 {
 /* API message ID base */
diff --git a/src/vnet/ipsec/ipsec_test.c b/src/vnet/ipsec/ipsec_test.c
index f399032eb9a..f3a9992e916 100644
--- a/src/vnet/ipsec/ipsec_test.c
+++ b/src/vnet/ipsec/ipsec_test.c
@@ -26,6 +26,10 @@
 #include <vnet/ipsec/ipsec.api.h>
 #undef vl_endianfun
+#define vl_calcsizefun
+#include <vnet/ipsec/ipsec.api.h>
+#undef vl_calcsizefun
+
 typedef struct
 {
 /* API message ID base */
diff --git a/src/vnet/l2/l2_test.c b/src/vnet/l2/l2_test.c
index c7cd1d255c1..3be4a46223d 100644
--- a/src/vnet/l2/l2_test.c
+++ b/src/vnet/l2/l2_test.c
@@ -28,6 +28,10 @@
 #include <vnet/l2/l2.api.h>
 #undef vl_endianfun
+#define vl_calcsizefun
+#include <vnet/l2/l2.api.h>
+#undef vl_calcsizefun
+
 typedef struct
 {
 /* API message ID base */
diff --git a/src/vnet/srmpls/sr_mpls_api.c b/src/vnet/srmpls/sr_mpls_api.c
index 7d42f1ba451..45107f08ab1 100644
--- a/src/vnet/srmpls/sr_mpls_api.c
+++ b/src/vnet/srmpls/sr_mpls_api.c
@@ -39,6 +39,10 @@
 #include <vnet/srmpls/sr_mpls.api.h>
 #undef vl_endianfun
+#define vl_calcsizefun
+#include <vnet/srmpls/sr_mpls.api.h>
+#undef vl_calcsizefun
+
 #define vl_printfun
 #include <vnet/srmpls/sr_mpls.api.h>
 #undef vl_printfun
@@ -194,7 +198,8 @@ sr_mpls_api_hookup (vlib_main_t * vm)
 REPLY_MSG_ID_BASE + VL_API_##N, #n, vl_api_##n##_t_handler, \
 vl_noop_handler, vl_api_##n##_t_endian, vl_api_##n##_t_print, \
 sizeof (vl_api_##n##_t), 1, vl_api_##n##_t_print_json, \
- vl_api_##n##_t_tojson, vl_api_##n##_t_fromjson);
+ vl_api_##n##_t_tojson, vl_api_##n##_t_fromjson, \
+ vl_api_##n##_t_calc_size);
 foreach_vpe_api_msg;
 #undef _
@@ -207,7 +212,8 @@ sr_mpls_api_hookup (vlib_main_t * vm)
 vl_api_sr_mpls_policy_add_t_handler, vl_noop_handler, vl_api_sr_mpls_policy_add_t_endian, vl_api_sr_mpls_policy_add_t_print, 256, 1, vl_api_sr_mpls_policy_add_t_print_json,
- vl_api_sr_mpls_policy_mod_t_tojson, vl_api_sr_mpls_policy_mod_t_fromjson);
+ vl_api_sr_mpls_policy_add_t_tojson, vl_api_sr_mpls_policy_add_t_fromjson,
+ vl_api_sr_mpls_policy_add_t_calc_size);
 /* * Manually register the sr policy mod msg, so we trace enough bytes
@@ -218,7 +224,8 @@ sr_mpls_api_hookup (vlib_main_t * vm)
 vl_api_sr_mpls_policy_mod_t_handler, vl_noop_handler, vl_api_sr_mpls_policy_mod_t_endian, vl_api_sr_mpls_policy_mod_t_print, 256, 1, vl_api_sr_mpls_policy_mod_t_print_json,
- vl_api_sr_mpls_policy_mod_t_tojson, vl_api_sr_mpls_policy_mod_t_fromjson);
+ vl_api_sr_mpls_policy_mod_t_tojson, vl_api_sr_mpls_policy_mod_t_fromjson,
+ vl_api_sr_mpls_policy_mod_t_calc_size);
 /* * Set up the (msg_name, crc, message-id) table |
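Review bot: The manual registrations of sr_mpls_policy_add (hunk @@ -207) and sr_mpls_policy_mod (hunk @@ -218) repeat the message name in every callback argument with nothing tying them together, and the lines removed at -207 show the add registration had been passing the mod message's `_tojson`/`_fromjson`. Per the commit description the new last argument is what computes the size a received message is checked against, so a mismatched `_calc_size` here would validate one message against another message's layout. I would put a comment above each call, for example `/* every vl_api_sr_mpls_policy_add_t_* argument must name the same message; calc_size is used to validate the received length */`, or generate both calls from one name token the way the `foreach_vpe_api_msg` macro in the @@ -194 hunk does. sr_mpls_api_hookup starts and ends outside these hunks.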