summaryrefslogtreecommitdiffstats
path: root/src/vnet/lisp-cp
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/lisp-cp')
-rw-r--r--src/vnet/lisp-cp/control.c14
-rw-r--r--src/vnet/lisp-cp/control.h9
-rw-r--r--src/vnet/lisp-cp/lisp_msg_serdes.c8
-rw-r--r--src/vnet/lisp-cp/lisp_types.c31
4 files changed, 40 insertions, 22 deletions
diff --git a/src/vnet/lisp-cp/control.c b/src/vnet/lisp-cp/control.c
index 6408b297e3b..c0093301307 100644
--- a/src/vnet/lisp-cp/control.c
+++ b/src/vnet/lisp-cp/control.c
@@ -44,13 +44,6 @@ typedef struct
u8 smr_invoked;
} map_request_args_t;
-typedef struct
-{
- u64 nonce;
- u8 is_rloc_probe;
- mapping_t *mappings;
-} map_records_arg_t;
-
u8
vnet_lisp_get_map_request_mode (void)
{
@@ -3485,7 +3478,7 @@ done:
vec_free (itr_rlocs);
}
-static map_records_arg_t *
+map_records_arg_t *
parse_map_reply (vlib_buffer_t * b)
{
locator_t probed;
@@ -3501,6 +3494,11 @@ parse_map_reply (vlib_buffer_t * b)
mrep_hdr = vlib_buffer_get_current (b);
a->nonce = MREP_NONCE (mrep_hdr);
a->is_rloc_probe = MREP_RLOC_PROBE (mrep_hdr);
+ if (!vlib_buffer_has_space (b, sizeof (*mrep_hdr)))
+ {
+ clib_mem_free (a);
+ return 0;
+ }
vlib_buffer_pull (b, sizeof (*mrep_hdr));
for (i = 0; i < MREP_REC_COUNT (mrep_hdr); i++)
diff --git a/src/vnet/lisp-cp/control.h b/src/vnet/lisp-cp/control.h
index eae8a184f76..cb98eb09e16 100644
--- a/src/vnet/lisp-cp/control.h
+++ b/src/vnet/lisp-cp/control.h
@@ -273,6 +273,13 @@ typedef struct
u8 key_id;
} vnet_lisp_add_del_mapping_args_t;
+typedef struct
+{
+ u64 nonce;
+ u8 is_rloc_probe;
+ mapping_t *mappings;
+} map_records_arg_t;
+
int
vnet_lisp_map_cache_add_del (vnet_lisp_add_del_mapping_args_t * a,
u32 * map_index);
@@ -332,6 +339,8 @@ int vnet_lisp_map_register_enable_disable (u8 is_enable);
u8 vnet_lisp_map_register_state_get (void);
u8 vnet_lisp_rloc_probe_state_get (void);
+map_records_arg_t *parse_map_reply (vlib_buffer_t * b);
+
always_inline mapping_t *
lisp_get_petr_mapping (lisp_cp_main_t * lcm)
{
diff --git a/src/vnet/lisp-cp/lisp_msg_serdes.c b/src/vnet/lisp-cp/lisp_msg_serdes.c
index eee1885cd9b..6c0a7219f31 100644
--- a/src/vnet/lisp-cp/lisp_msg_serdes.c
+++ b/src/vnet/lisp-cp/lisp_msg_serdes.c
@@ -312,6 +312,8 @@ lisp_msg_parse_loc (vlib_buffer_t * b, locator_t * loc)
if (len == ~0)
return ~0;
+ if (!vlib_buffer_has_space (b, sizeof (len)))
+ return ~0;
vlib_buffer_pull (b, len);
return len;
@@ -326,6 +328,9 @@ lisp_msg_parse_mapping_record (vlib_buffer_t * b, gid_address_t * eid,
int i = 0, len = 0, llen = 0;
h = vlib_buffer_get_current (b);
+ if (!vlib_buffer_has_space (b, sizeof (mapping_record_hdr_t)))
+ return ~0;
+
vlib_buffer_pull (b, sizeof (mapping_record_hdr_t));
memset (eid, 0, sizeof (*eid));
@@ -333,6 +338,9 @@ lisp_msg_parse_mapping_record (vlib_buffer_t * b, gid_address_t * eid,
if (len == ~0)
return len;
+ if (!vlib_buffer_has_space (b, sizeof (len)))
+ return ~0;
+
vlib_buffer_pull (b, len);
if (GID_ADDR_IP_PREFIX == gid_address_type (eid))
gid_address_ippref_len (eid) = MAP_REC_EID_PLEN (h);
diff --git a/src/vnet/lisp-cp/lisp_types.c b/src/vnet/lisp-cp/lisp_types.c
index ad3a4bdf149..31a80081330 100644
--- a/src/vnet/lisp-cp/lisp_types.c
+++ b/src/vnet/lisp-cp/lisp_types.c
@@ -657,12 +657,19 @@ fid_addr_parse (u8 * p, fid_address_t * a)
return ip_address_parse (p, afi, ip_addr);
case FID_ADDR_NSH:
- ASSERT (0);
break;
}
return ~0;
}
+#define INC(dst, exp) \
+do { \
+ u16 _sum = (exp); \
+ if ((u16)~0 == _sum) \
+ return ~0; \
+ dst += _sum; \
+} while (0);
+
u16
sd_parse (u8 * p, void *a)
{
@@ -677,8 +684,8 @@ sd_parse (u8 * p, void *a)
sd_hdr = (lcaf_src_dst_hdr_t *) (p + size);
size += sizeof (sd_hdr[0]);
- size += fid_addr_parse (p + size, src);
- size += fid_addr_parse (p + size, dst);
+ INC (size, fid_addr_parse (p + size, src));
+ INC (size, fid_addr_parse (p + size, dst));
if (fid_addr_type (src) == FID_ADDR_IP_PREF)
{
@@ -704,7 +711,7 @@ try_parse_src_dst_lcaf (u8 * p, gid_address_t * a)
if (LCAF_SOURCE_DEST != lcaf_type (&lcaf))
return ~0;
- size += sd_parse (p + size, a);
+ INC (size, sd_parse (p + size, a));
return size;
}
@@ -724,13 +731,10 @@ vni_parse (u8 * p, void *a)
u16 afi = clib_net_to_host_u16 (*((u16 *) (p + size)));
if (LISP_AFI_LCAF == afi)
{
- u16 len = try_parse_src_dst_lcaf (p + size, g);
- if ((u16) ~ 0 == len)
- return ~0;
- size += len;
+ INC (size, try_parse_src_dst_lcaf (p + size, g));
}
else
- size += gid_address_parse (p + size, g);
+ INC (size, gid_address_parse (p + size, g));
return size;
}
@@ -757,7 +761,7 @@ lcaf_parse (void *offset, gid_address_t * addr)
clib_warning ("Unsupported LCAF type: %u", type);
return ~0;
}
- size += (*lcaf_parse_fcts[type]) (offset + size, lcaf);
+ INC (size, (*lcaf_parse_fcts[type]) (offset + size, lcaf));
return sizeof (u16) + size;
}
@@ -1419,10 +1423,9 @@ u32
gid_address_parse (u8 * offset, gid_address_t * a)
{
lisp_afi_e afi;
- int len = 0;
+ u16 len = 0;
- if (!a)
- return 0;
+ ASSERT (a);
/* NOTE: since gid_address_parse may be called by vni_parse, we can't 0
* the gid address here */
@@ -1458,7 +1461,7 @@ gid_address_parse (u8 * offset, gid_address_t * a)
clib_warning ("LISP AFI %d not supported!", afi);
return ~0;
}
- return len;
+ return (len == (u16) ~ 0) ? ~0 : len;
}
void