From 1a1c59d1a20ce834ee2296e9b12321410bbabac9 Mon Sep 17 00:00:00 2001
From: Andrew Yourtchenko <ayourtch@gmail.com>
Date: Tue, 23 Aug 2022 16:51:12 +0000
Subject: lisp: address the issues raised by coverity 249165

Add the error checks in parsing, aimed to avoid parser walking past the end of packet in case the data
is garbage.

Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I9541b555a18baf63cb8081bcd7a4c2750f2ed012
---
 src/plugins/lisp/lisp-cp/lisp_msg_serdes.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'src/plugins/lisp/lisp-cp')

diff --git a/src/plugins/lisp/lisp-cp/lisp_msg_serdes.c b/src/plugins/lisp/lisp-cp/lisp_msg_serdes.c
index 14d90982d4f..509462d8e23 100644
--- a/src/plugins/lisp/lisp-cp/lisp_msg_serdes.c
+++ b/src/plugins/lisp/lisp-cp/lisp_msg_serdes.c
@@ -264,9 +264,14 @@ lisp_msg_parse_addr (vlib_buffer_t * b, gid_address_t * eid)
   u32 len;
   clib_memset (eid, 0, sizeof (*eid));
   len = gid_address_parse (vlib_buffer_get_current (b), eid);
-  if (len != ~0)
-    vlib_buffer_pull (b, len);
-  return len;
+  if ((len != ~0) && vlib_buffer_pull (b, len))
+    {
+      return len;
+    }
+  else
+    {
+      return ~0;
+    }
 }
 
 u32
@@ -280,7 +285,10 @@ lisp_msg_parse_eid_rec (vlib_buffer_t * b, gid_address_t * eid)
     return len;
 
   gid_address_ippref_len (eid) = EID_REC_MLEN (h);
-  vlib_buffer_pull (b, len + sizeof (eid_record_hdr_t));
+  if (!vlib_buffer_pull (b, len + sizeof (eid_record_hdr_t)))
+    {
+      return ~0;
+    }
 
   return len + sizeof (eid_record_hdr_t);
 }
-- 
cgit 1.2.3-korg