proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2026-01-06 19:55:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

zebra: Add check for prefix length from kernel messages

Browse Source 
Zebra needed a check that varifies the prefix length
of an address is a valid length when receiving route
changes and interface address changes.

Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
This commit is contained in:
Stephen Worley 2018-07-20 23:20:28 -04:00
parent f4f9200dec
commit 930571d24f
2 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
zebra/if_netlink.c
View File

@ -991,6 +991,12 @@ int netlink_interface_addr(struct nlmsghdr *h, ns_id_t ns_id, int startup)
/* Register interface address to the interface. */
if (ifa->ifa_family == AF_INET) {
if (ifa->ifa_prefixlen > IPV4_MAX_BITLEN) {
zlog_warn(
"Invalid prefix length: %d received from kernel interface addr change: %d",
ifa->ifa_prefixlen, h->nlmsg_type);
return 0;
}
if (h->nlmsg_type == RTM_NEWADDR)
connected_add_ipv4(ifp, flags, (struct in_addr *)addr,
ifa->ifa_prefixlen,
@ -1001,6 +1007,12 @@ int netlink_interface_addr(struct nlmsghdr *h, ns_id_t ns_id, int startup)
ifa->ifa_prefixlen, (struct in_addr *)broad);
}
if (ifa->ifa_family == AF_INET6) {
if (ifa->ifa_prefixlen > IPV6_MAX_BITLEN) {
zlog_warn(
"Invalid prefix length: %d received from kernel interface addr change: %d",
ifa->ifa_prefixlen, h->nlmsg_type);
return 0;
}
if (h->nlmsg_type == RTM_NEWADDR) {
/* Only consider valid addresses; we'll not get a
* notification from

19
zebra/rt_netlink.c
View File

@ -384,17 +384,36 @@ static int netlink_route_change_read_unicast(struct nlmsghdr *h, ns_id_t ns_id,
if (rtm->rtm_family == AF_INET) {
p.family = AF_INET;
if (rtm->rtm_dst_len > IPV4_MAX_BITLEN) {
zlog_warn(
"Invalid destination prefix length: %d received from kernel route change",
rtm->rtm_dst_len);
return 0;
}
memcpy(&p.u.prefix4, dest, 4);
p.prefixlen = rtm->rtm_dst_len;
src_p.prefixlen =
0; // Forces debug below to not display anything
} else if (rtm->rtm_family == AF_INET6) {
p.family = AF_INET6;
if (rtm->rtm_dst_len > IPV6_MAX_BITLEN) {
zlog_warn(
"Invalid destination prefix length: %d received from kernel route change",
rtm->rtm_dst_len);
return 0;
}
memcpy(&p.u.prefix6, dest, 16);
p.prefixlen = rtm->rtm_dst_len;
src_p.family = AF_INET6;
if (rtm->rtm_src_len > IPV6_MAX_BITLEN) {
zlog_warn(
"Invalid source prefix length: %d received from kernel route change",
rtm->rtm_src_len);
return 0;
}
memcpy(&src_p.prefix, src, 16);
src_p.prefixlen = rtm->rtm_src_len;
}