From a58dae61aea7e781a27ce65462dd38ab55e8599c Mon Sep 17 00:00:00 2001
From: Vladislav Grishenko
Date: Fri, 16 Sep 2022 17:01:00 +0000
Subject: [PATCH] igmp: validate ip router alert option length

It's known there're one or more 32-bit increments in the ip header. So just check ip router alert option length with minimal performance impact, and don't care of the total options length.

Type: fix
Signed-off-by: Vladislav Grishenko
Signed-off-by: Dmitry Valter
Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
---
 src/vnet/ip/ip4_options.c | 5 ++++
 test/test_igmp.py | 60 +++++++++++++++++++++++++++++++++++------------
 2 files changed, 50 insertions(+), 15 deletions(-)
diff --git a/src/vnet/ip/ip4_options.c b/src/vnet/ip/ip4_options.c
index 9b01151a1f0..6ef6b6030cc 100644
--- a/src/vnet/ip/ip4_options.c
+++ b/src/vnet/ip/ip4_options.c
@@ -77,6 +77,11 @@ VLIB_NODE_FN (ip4_options_node) (vlib_main_t * vm,
 switch (options[0] & 0x7f)
 {
 case IP4_ROUTER_ALERT_OPTION:
+ /*
+ * check the option length
+ */
+ if (options[1] != 4)
+ break;
 /*
 * if it's an IGMP packet, pass up the local stack
 */
diff --git a/test/test_igmp.py b/test/test_igmp.py
index 6e9defd4c1d..d1189f57830 100644
--- a/test/test_igmp.py
+++ b/test/test_igmp.py
@@ -218,7 +218,9 @@ class TestIgmp(VppTestCase):
 dst="239.1.1.1",
 tos=0xC0,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Membership Query", mrcode=100)
@@ -241,7 +243,9 @@ class TestIgmp(VppTestCase):
 dst="239.1.1.1",
 tos=0xC0,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Membership Query", mrcode=100)
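Review bot: The literal `4` in `if (options[1] != 4)` is unexplained, and a packet that fails the check leaves the case silently. A comment such as `/* RFC 2113: router alert is type, length (always 4) and a 2-octet value; any other length is malformed and must not reach the local IGMP path */` would record why this is the only length accepted. Only the first option's length octet is validated here; the commit message says the total options length is deliberately not checked, so any code downstream that walks the options still has to bound itself by the header length. The switch and the enclosing node function start and end outside the hunk, so where `break` sends the packet is not visible; if that path has an error counter, counting these rejections would make malformed router-alert traffic visible to operators.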
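Review bot: None of the changed tests exercises the new rejection branch: every `IPOption(...)` in the test_igmp.py hunks (this one and the later ones, which make the same edit) is given the valid `length=4`, so the suite would still pass if the length check in ip4_options.c were removed. A case that sends the same query or report with a wrong length, for example `IPOption(copy_flag=1, optclass="control", option="router_alert", length=3)` (constructed value), and asserts that no IGMP state or reply results would pin the fix. The repeated option literal could also move into one module-level helper, so that the valid and malformed variants differ in a single argument. The test methods start and end outside the hunks.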
@@ -264,7 +268,9 @@ class TestIgmp(VppTestCase):
 dst="239.1.1.1",
 tos=0xC0,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Membership Query", mrcode=100)
@@ -284,7 +290,9 @@ class TestIgmp(VppTestCase):
 dst="239.1.1.1",
 tos=0xC0,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Membership Query", mrcode=100)
@@ -305,7 +313,9 @@ class TestIgmp(VppTestCase):
 dst="239.1.1.1",
 tos=0xC0,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Membership Query", mrcode=100)
@@ -368,7 +378,9 @@ class TestIgmp(VppTestCase):
 dst="239.1.1.1",
 tos=0xC0,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Membership Query", mrcode=100)
@@ -581,7 +593,9 @@ class TestIgmp(VppTestCase):
 tos=0xC0,
 ttl=1,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Version 3 Membership Report")
@@ -599,7 +613,9 @@ class TestIgmp(VppTestCase):
 dst="224.0.0.22",
 tos=0xC0,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Version 3 Membership Report")
@@ -695,7 +711,9 @@ class TestIgmp(VppTestCase):
 dst="224.0.0.22",
 tos=0xC0,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Version 3 Membership Report")
@@ -769,7 +787,9 @@ class TestIgmp(VppTestCase):
 tos=0xC0,
 ttl=1,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Version 3 Membership Report")
@@ -791,7 +811,9 @@ class TestIgmp(VppTestCase):
 tos=0xC0,
 ttl=1,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Version 3 Membership Report")
@@ -817,7 +839,9 @@ class TestIgmp(VppTestCase):
 tos=0xC0,
 ttl=1,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Version 3 Membership Report")
@@ -844,7 +868,9 @@ class TestIgmp(VppTestCase):
 tos=0xC0,
 ttl=1,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Version 3 Membership Report")
@@ -865,7 +891,9 @@ class TestIgmp(VppTestCase):
 tos=0xC0,
 ttl=1,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Version 3 Membership Report")
@@ -894,7 +922,9 @@ class TestIgmp(VppTestCase):
 tos=0xC0,
 ttl=1,
 options=[
- IPOption(copy_flag=1, optclass="control", option="router_alert")
+ IPOption(
+ copy_flag=1, optclass="control", option="router_alert", length=4
+ )
 ],
 )
 / IGMPv3(type="Version 3 Membership Report")
--
2.16.6