From bdfe5955f59a735fd8d70e9026f8c1867a4c8cc6 Mon Sep 17 00:00:00 2001 From: Dave Barach Date: Mon, 4 May 2020 12:33:18 -0400 Subject: ethernet: add sanity checks to p2p_ethernet_add/del Binary API message handlers need to check sw_if_index values. Found in binary api fuzz testing. Type: fix Signed-off-by: Dave Barach Change-Id: I51e717e9260e58a4c36d4d95981fd001be594fed Signed-off-by: Paul Vinciguerra --- src/vnet/ethernet/p2p_ethernet_api.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'src/vnet/ethernet/p2p_ethernet_api.c') diff --git a/src/vnet/ethernet/p2p_ethernet_api.c b/src/vnet/ethernet/p2p_ethernet_api.c index 3bbda6ef361..2c75a51d2f8 100644 --- a/src/vnet/ethernet/p2p_ethernet_api.c +++ b/src/vnet/ethernet/p2p_ethernet_api.c @@ -55,16 +55,31 @@ vl_api_p2p_ethernet_add_t_handler (vl_api_p2p_ethernet_add_t * mp) u32 p2pe_if_index; u8 remote_mac[6]; + if (!vnet_sw_if_index_is_api_valid (parent_if_index)) + { + rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; + goto bad_sw_if_index; + } + if (!vnet_sw_if_index_is_api_valid (sub_id)) + { + rv = VNET_API_ERROR_INVALID_SW_IF_INDEX_2; + goto bad_sw_if_index; + } + clib_memcpy (remote_mac, mp->remote_mac, 6); rv = p2p_ethernet_add_del (vm, parent_if_index, remote_mac, sub_id, 1, &p2pe_if_index); + BAD_SW_IF_INDEX_LABEL; + /* *INDENT-OFF* */ REPLY_MACRO2(VL_API_P2P_ETHERNET_ADD_REPLY, ({ rmp->sw_if_index = htonl(p2pe_if_index); })); + + /* *INDENT-ON* */ } @@ -78,9 +93,16 @@ vl_api_p2p_ethernet_del_t_handler (vl_api_p2p_ethernet_del_t * mp) u32 parent_if_index = htonl (mp->parent_if_index); u8 remote_mac[6]; + if (!vnet_sw_if_index_is_api_valid (parent_if_index)) + { + rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; + goto bad_sw_if_index; + } + clib_memcpy (remote_mac, mp->remote_mac, 6); rv = p2p_ethernet_add_del (vm, parent_if_index, remote_mac, ~0, 0, 0); + BAD_SW_IF_INDEX_LABEL; REPLY_MACRO (VL_API_P2P_ETHERNET_DEL_REPLY); } -- cgit 1.2.3-korg