From b37342c5a7c907e24ab34ab979338cac3b1dfe59 Mon Sep 17 00:00:00 2001 From: Benoît Ganne Date: Wed, 29 Sep 2021 19:02:58 +0200 Subject: ikev2: add logs in case of parsing errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Type: improvement Change-Id: Id0a6a9e68725ea7aa0b7da14cf54d14405a907fb Signed-off-by: Benoît Ganne --- src/plugins/ikev2/ikev2.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) (limited to 'src/plugins') diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index fe4c154e9c9..873ec136dae 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -662,7 +662,10 @@ ikev2_parse_ke_payload (const void *p, u32 rlen, ikev2_sa_t * sa, u16 plen = clib_net_to_host_u16 (ke->length); ASSERT (plen >= sizeof (*ke) && plen <= rlen); if (sizeof (*ke) > rlen) - return 0; + { + ikev2_elog_error ("KE: packet too small"); + return 0; + } sa->dh_group = clib_net_to_host_u16 (ke->dh_group); vec_reset_length (ke_data[0]); @@ -679,7 +682,10 @@ ikev2_parse_nonce_payload (const void *p, u32 rlen, const u8 **nonce) int len = plen - sizeof (*ikep); ASSERT (len >= 16 && len <= 256); if (PREDICT_FALSE (len < 16 || len > 256)) - return 0; + { + ikev2_elog_error ("NONCE: bad size"); + return 0; + } *nonce = ikep->payload; return len; } @@ -689,10 +695,16 @@ ikev2_check_payload_length (const ike_payload_header_t * ikep, int rlen, u16 * plen) { if (sizeof (*ikep) > rlen) - return 0; + { + ikev2_elog_error ("payload: packet too small"); + return 0; + } *plen = clib_net_to_host_u16 (ikep->length); if (*plen < sizeof (*ikep) || *plen > rlen) - return 0; + { + ikev2_elog_error ("payload: bad size"); + return 0; + } return 1; } @@ -719,7 +731,10 @@ ikev2_process_sa_init_req (vlib_main_t *vm, ikev2_sa_t *sa, ike_header_t *ike, vec_add (sa->last_sa_init_req_packet_data, ike, len); if (len < sizeof (*ike)) - return 0; + { + ikev2_elog_error ("IKE_INIT request too small"); + return 0; + } len -= sizeof (*ike); while (p < len && payload != IKEV2_PAYLOAD_NONE) @@ -830,7 +845,10 @@ ikev2_process_sa_init_resp (vlib_main_t * vm, vec_add (sa->last_sa_init_res_packet_data, ike, len); if (sizeof (*ike) > len) - return; + { + ikev2_elog_error ("IKE_INIT response too small"); + return; + } len -= sizeof (*ike); while (p < len && payload != IKEV2_PAYLOAD_NONE) -- cgit 1.2.3-korg