aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorGavril Florian <gflorian@3nets.io>2023-06-15 18:39:57 +0000
committerDamjan Marion <dmarion@0xa5.net>2023-10-01 20:59:58 +0000
commite7f34c93b1c928855f88896c5bdd2bc539ee77ae (patch)
treeded9269a70adbc6dde267312243c281a53b4134c /src/vnet
parent35f8ee6921f3995c12502c352d25487c6a6fc290 (diff)
fib: Crash when specify a big prefix length from CLI.
The VPP is crashing when specify a very big prefix length, like ip route add 1.1.1.1/55 via 2.2.2.2 Type: fix Signed-off-by: Gavril Florian <gflorian@3nets.io> Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/error.h3
-rw-r--r--src/vnet/fib/fib_api.c3
-rw-r--r--src/vnet/ip/lookup.c27
-rw-r--r--src/vnet/ip/lookup.h1
4 files changed, 33 insertions, 1 deletions
diff --git a/src/vnet/error.h b/src/vnet/error.h
index 3feb8ff04a1..fa1337538c4 100644
--- a/src/vnet/error.h
+++ b/src/vnet/error.h
@@ -158,7 +158,8 @@
_ (BUSY, -167, "Busy") \
_ (BUG, -168, "Bug") \
_ (FEATURE_ALREADY_DISABLED, -169, "Feature already disabled") \
- _ (FEATURE_ALREADY_ENABLED, -170, "Feature already enabled")
+ _ (FEATURE_ALREADY_ENABLED, -170, "Feature already enabled") \
+ _ (INVALID_PREFIX_LENGTH, -171, "Invalid prefix length")
typedef enum
{
diff --git a/src/vnet/fib/fib_api.c b/src/vnet/fib/fib_api.c
index c8511c08eba..07d6699d87a 100644
--- a/src/vnet/fib/fib_api.c
+++ b/src/vnet/fib/fib_api.c
@@ -448,6 +448,9 @@ fib_api_route_add_del (u8 is_add,
fib_entry_flag_t entry_flags,
fib_route_path_t *rpaths)
{
+ if (!fib_prefix_validate(prefix)) {
+ return (VNET_API_ERROR_INVALID_PREFIX_LENGTH);
+ }
if (is_multipath)
{
if (vec_len(rpaths) == 0)
diff --git a/src/vnet/ip/lookup.c b/src/vnet/ip/lookup.c
index 5ac2a9c17e2..80a35fefdfc 100644
--- a/src/vnet/ip/lookup.c
+++ b/src/vnet/ip/lookup.c
@@ -220,6 +220,27 @@ const ip46_address_t zero_addr = {
0, 0},
};
+bool
+fib_prefix_validate (const fib_prefix_t *prefix)
+{
+ if (FIB_PROTOCOL_IP4 == prefix->fp_proto)
+ {
+ if (prefix->fp_len > 32)
+ {
+ return false;
+ }
+ }
+
+ if (FIB_PROTOCOL_IP6 == prefix->fp_proto)
+ {
+ if (prefix->fp_len > 128)
+ {
+ return false;
+ }
+ }
+ return true;
+}
+
static clib_error_t *
vnet_ip_route_cmd (vlib_main_t * vm,
unformat_input_t * main_input, vlib_cli_command_t * cmd)
@@ -353,6 +374,12 @@ vnet_ip_route_cmd (vlib_main_t * vm,
.fp_addr = prefixs[i].fp_addr,
};
+ if (!fib_prefix_validate (&rpfx))
+ {
+ vlib_cli_output (vm, "Invalid prefix len: %d", rpfx.fp_len);
+ continue;
+ }
+
if (is_del)
fib_table_entry_path_remove2 (fib_index,
&rpfx, FIB_SOURCE_CLI, rpaths);
diff --git a/src/vnet/ip/lookup.h b/src/vnet/ip/lookup.h
index aa998273213..4489df1aed8 100644
--- a/src/vnet/ip/lookup.h
+++ b/src/vnet/ip/lookup.h
@@ -179,6 +179,7 @@ ip_lookup_set_buffer_fib_index (u32 * fib_index_by_sw_if_index,
}
void ip_lookup_init (ip_lookup_main_t * lm, u32 ip_lookup_node_index);
+bool fib_prefix_validate (const fib_prefix_t *prefix);
#endif /* included_ip_lookup_h */
/*