From f3d7bd9d4d652b1c4b687267acdb9fdb908a74bd Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Tue, 23 Jun 2020 13:12:33 +0000
Subject: nat: deterministic: disallow invalid config

Prevent overflow if input network prefix is too small and crash on
packet #1 due to vector not being allocated/initialized.

Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I3494cc62ce889df48cc59cc9340b5dd70338c3a8
---
 src/plugins/nat/nat44_cli.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/plugins/nat/nat44_cli.c')

diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c
index c73cffa85b2..7d74f36c754 100644
--- a/src/plugins/nat/nat44_cli.c
+++ b/src/plugins/nat/nat44_cli.c
@@ -1858,8 +1858,13 @@ snat_det_map_command_fn (vlib_main_t * vm,
 	}
     }
 
-  rv = snat_det_add_map (sm, &in_addr, (u8) in_plen, &out_addr, (u8) out_plen,
-			 is_add);
+  if (in_plen > 32 || out_plen > 32)
+    {
+      error = clib_error_return (0, "network prefix length must be <= 32");
+      goto done;
+    }
+
+  rv = snat_det_add_map (sm, &in_addr, in_plen, &out_addr, out_plen, is_add);
 
   if (rv)
     {
-- 
cgit 1.2.3-korg