s = format (s, "%s(%d): ", h->name, t->t);
- for (i = 0; i < (t->l - sizeof (*t)); i++)
- vec_add1 (s, t->v[i]);
+ if (t->l >= 4)
+ {
+ for (i = 0; i < (t->l - sizeof (*t)); i++)
+ vec_add1 (s, t->v[i]);
+ }
vec_add1 (s, '\n');
return s;
tlv->l = ntohs (tlv->l);
/* tlv length includes t, l and v */
+
+ if (tlv->l < 4)
+ return CDP_ERROR_BAD_TLV;
+
cur += tlv->l;
if ((cur - 1) > end)
return CDP_ERROR_BAD_TLV;
+
/*
* Only process known TLVs. In practice, certain
* devices send tlv->t = 0xFF, perhaps as an EOF of sorts.
self.assert_equal(system, self.device_id,
"CDP received invalid device id")
- def test_send_cdp_bad_packet(self):
+ def test_cdp_underflow_tlv(self):
+ self.send_bad_packet(3, ".")
+
+ def test_cdp_overflow_tlv(self):
+ self.send_bad_packet(8, ".")
+
+ def send_bad_packet(self, l, v):
self.logger.info(self.vapi.cli("cdp enable"))
- self.send_packet(self.create_bad_packet(8, "."))
+ self.send_packet(self.create_bad_packet(l, v))
errors = list(self.show_errors())
self.assertTrue(errors)
for count, node, reason in errors:
if (node == u'cdp-input' and
reason == u'cdp packets with bad TLVs' and
- int(count) == 1):
+ int(count) >= 1):
expected_errors = True
break
Code Review / vpp.git / commitdiff