From 2dca180db989ea7afacdf4e70cc85e4408557382 Mon Sep 17 00:00:00 2001 From: Elias Rudberg Date: Wed, 27 May 2020 01:03:46 +0200 Subject: misc: ipfix-export unformat u16 collector_port fix Use %U and unformat_udp_port instead of %u for unformat() call for u16 collector_port number in set_ipfix_exporter_command_fn() to avoid corruption of other variables which can happen if unformat() with %u is used with a 16-bit variable. This avoids crash due to corrupted fib_index value. Type: fix Signed-off-by: Elias Rudberg Change-Id: Id54273fcc458a7f9c5aa4025aa91711f160c1c1a --- src/vnet/ipfix-export/flow_report.c | 3 ++- src/vnet/udp/udp.h | 1 + src/vnet/udp/udp_format.c | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) (limited to 'src/vnet') diff --git a/src/vnet/ipfix-export/flow_report.c b/src/vnet/ipfix-export/flow_report.c index 1976ffc0796..56a2d16b8d5 100644 --- a/src/vnet/ipfix-export/flow_report.c +++ b/src/vnet/ipfix-export/flow_report.c @@ -500,7 +500,8 @@ set_ipfix_exporter_command_fn (vlib_main_t * vm, { if (unformat (input, "collector %U", unformat_ip4_address, &collector)) ; - else if (unformat (input, "port %u", &collector_port)) + else if (unformat (input, "port %U", unformat_udp_port, + &collector_port)) ; else if (unformat (input, "src %U", unformat_ip4_address, &src)) ; diff --git a/src/vnet/udp/udp.h b/src/vnet/udp/udp.h index 0cb085b1d72..95fbcd977ef 100644 --- a/src/vnet/udp/udp.h +++ b/src/vnet/udp/udp.h @@ -281,6 +281,7 @@ format_function_t format_udp_header; format_function_t format_udp_rx_trace; format_function_t format_udp_connection; unformat_function_t unformat_udp_header; +unformat_function_t unformat_udp_port; void udp_add_dst_port (udp_main_t * um, udp_dst_port_t dst_port, char *dst_port_name, u8 is_ip4); diff --git a/src/vnet/udp/udp_format.c b/src/vnet/udp/udp_format.c index 2277e18bcdb..93e7508711b 100644 --- a/src/vnet/udp/udp_format.c +++ b/src/vnet/udp/udp_format.c @@ -82,6 +82,23 @@ format_udp_header (u8 * s, va_list * args) return s; } +uword +unformat_udp_port (unformat_input_t * input, va_list * args) +{ + u16 *result = va_arg (*args, u16 *); + int port; + + /* Numeric type. */ + if (unformat (input, "0x%x", &port) || unformat (input, "%d", &port)) + { + if (port <= 0 || port >= (1 << 16)) + return 0; + *result = port; + return 1; + } + return 0; +} + /* * fd.io coding-style-patch-verification: ON * -- cgit 1.2.3-korg