aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorKlement Sekera <ksekera@cisco.com>2021-11-22 21:26:20 +0100
committerOle Tr�an <otroan@employees.org>2021-12-14 09:15:48 +0000
commit9b7e8acf792cced80e6775bc5668d9db415cdb46 (patch)
treeb600764a60f9978017a567390a025d2777b864a1 /src/vnet
parent755042dec0fcc733d456adc2a74042c529eff039 (diff)
api: verify message size on receipt
When a message is received, verify that it's sufficiently large to accomodate any VLAs within message. To do that, we need a way to calculate message size including any VLAs. This patch adds such funcionality to vppapigen and necessary C code to use those to validate message size on receipt. Drop messages which are malformed. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2903aa21dee84be6822b064795ba314de46c18f4
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/ip/ip_api.c4
-rw-r--r--src/vnet/ip/ip_test.c4
-rw-r--r--src/vnet/ipsec/ipsec_test.c4
-rw-r--r--src/vnet/l2/l2_test.c4
-rw-r--r--src/vnet/srmpls/sr_mpls_api.c13
5 files changed, 25 insertions, 4 deletions
diff --git a/src/vnet/ip/ip_api.c b/src/vnet/ip/ip_api.c
index e197057d8c5..b1b7ff3a7ae 100644
--- a/src/vnet/ip/ip_api.c
+++ b/src/vnet/ip/ip_api.c
@@ -514,7 +514,9 @@ vl_api_add_del_ip_punt_redirect_v2_t_handler (
goto out;
if (0 != n_paths)
- vec_validate (rpaths, n_paths - 1);
+ {
+ vec_validate (rpaths, n_paths - 1);
+ }
for (ii = 0; ii < n_paths; ii++)
{
diff --git a/src/vnet/ip/ip_test.c b/src/vnet/ip/ip_test.c
index c47cd3d208e..f87b47f8912 100644
--- a/src/vnet/ip/ip_test.c
+++ b/src/vnet/ip/ip_test.c
@@ -36,6 +36,10 @@
#include <vnet/ip/ip.api.h>
#undef vl_endianfun
+#define vl_calcsizefun
+#include <vnet/ip/ip.api.h>
+#undef vl_calcsizefun
+
typedef struct
{
/* API message ID base */
diff --git a/src/vnet/ipsec/ipsec_test.c b/src/vnet/ipsec/ipsec_test.c
index f399032eb9a..f3a9992e916 100644
--- a/src/vnet/ipsec/ipsec_test.c
+++ b/src/vnet/ipsec/ipsec_test.c
@@ -26,6 +26,10 @@
#include <vnet/ipsec/ipsec.api.h>
#undef vl_endianfun
+#define vl_calcsizefun
+#include <vnet/ipsec/ipsec.api.h>
+#undef vl_calcsizefun
+
typedef struct
{
/* API message ID base */
diff --git a/src/vnet/l2/l2_test.c b/src/vnet/l2/l2_test.c
index c7cd1d255c1..3be4a46223d 100644
--- a/src/vnet/l2/l2_test.c
+++ b/src/vnet/l2/l2_test.c
@@ -28,6 +28,10 @@
#include <vnet/l2/l2.api.h>
#undef vl_endianfun
+#define vl_calcsizefun
+#include <vnet/l2/l2.api.h>
+#undef vl_calcsizefun
+
typedef struct
{
/* API message ID base */
diff --git a/src/vnet/srmpls/sr_mpls_api.c b/src/vnet/srmpls/sr_mpls_api.c
index 7d42f1ba451..45107f08ab1 100644
--- a/src/vnet/srmpls/sr_mpls_api.c
+++ b/src/vnet/srmpls/sr_mpls_api.c
@@ -39,6 +39,10 @@
#include <vnet/srmpls/sr_mpls.api.h>
#undef vl_endianfun
+#define vl_calcsizefun
+#include <vnet/srmpls/sr_mpls.api.h>
+#undef vl_calcsizefun
+
#define vl_printfun
#include <vnet/srmpls/sr_mpls.api.h>
#undef vl_printfun
@@ -194,7 +198,8 @@ sr_mpls_api_hookup (vlib_main_t * vm)
REPLY_MSG_ID_BASE + VL_API_##N, #n, vl_api_##n##_t_handler, \
vl_noop_handler, vl_api_##n##_t_endian, vl_api_##n##_t_print, \
sizeof (vl_api_##n##_t), 1, vl_api_##n##_t_print_json, \
- vl_api_##n##_t_tojson, vl_api_##n##_t_fromjson);
+ vl_api_##n##_t_tojson, vl_api_##n##_t_fromjson, \
+ vl_api_##n##_t_calc_size);
foreach_vpe_api_msg;
#undef _
@@ -207,7 +212,8 @@ sr_mpls_api_hookup (vlib_main_t * vm)
vl_api_sr_mpls_policy_add_t_handler, vl_noop_handler,
vl_api_sr_mpls_policy_add_t_endian, vl_api_sr_mpls_policy_add_t_print, 256,
1, vl_api_sr_mpls_policy_add_t_print_json,
- vl_api_sr_mpls_policy_mod_t_tojson, vl_api_sr_mpls_policy_mod_t_fromjson);
+ vl_api_sr_mpls_policy_add_t_tojson, vl_api_sr_mpls_policy_add_t_fromjson,
+ vl_api_sr_mpls_policy_add_t_calc_size);
/*
* Manually register the sr policy mod msg, so we trace enough bytes
@@ -218,7 +224,8 @@ sr_mpls_api_hookup (vlib_main_t * vm)
vl_api_sr_mpls_policy_mod_t_handler, vl_noop_handler,
vl_api_sr_mpls_policy_mod_t_endian, vl_api_sr_mpls_policy_mod_t_print, 256,
1, vl_api_sr_mpls_policy_mod_t_print_json,
- vl_api_sr_mpls_policy_mod_t_tojson, vl_api_sr_mpls_policy_mod_t_fromjson);
+ vl_api_sr_mpls_policy_mod_t_tojson, vl_api_sr_mpls_policy_mod_t_fromjson,
+ vl_api_sr_mpls_policy_mod_t_calc_size);
/*
* Set up the (msg_name, crc, message-id) table