igmp: validate ip router alert option length

It's known there're one or more 32-bit increments in the ip
header. So just check ip router alert option length with minimal
performance impact, and don't care of the total options length.

Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3

diff --git a/src/vnet/ip/ip4_options.c b/src/vnet/ip/ip4_options.c
index 9b01151..6ef6b60 100644 (file)
--- a/src/vnet/ip/ip4_options.c
+++ b/src/vnet/ip/ip4_options.c
@@ -77,6 +77,11 @@ VLIB_NODE_FN (ip4_options_node) (vlib_main_t * vm,
          switch (options[0] & 0x7f)
            {
            case IP4_ROUTER_ALERT_OPTION:
+             /*
+              * check the option length
+              */
+             if (options[1] != 4)
+               break;
              /*
               * if it's an IGMP packet, pass up the local stack
               */

diff --git a/test/test_igmp.py b/test/test_igmp.py
index 6e9defd..d1189f5 100644 (file)
--- a/test/test_igmp.py
+++ b/test/test_igmp.py
@@ -218,7 +218,9 @@ class TestIgmp(VppTestCase):
                 dst="239.1.1.1",
                 tos=0xC0,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Membership Query", mrcode=100)
@@ -241,7 +243,9 @@ class TestIgmp(VppTestCase):
                 dst="239.1.1.1",
                 tos=0xC0,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Membership Query", mrcode=100)
@@ -264,7 +268,9 @@ class TestIgmp(VppTestCase):
                 dst="239.1.1.1",
                 tos=0xC0,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Membership Query", mrcode=100)
@@ -284,7 +290,9 @@ class TestIgmp(VppTestCase):
                 dst="239.1.1.1",
                 tos=0xC0,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Membership Query", mrcode=100)
@@ -305,7 +313,9 @@ class TestIgmp(VppTestCase):
                 dst="239.1.1.1",
                 tos=0xC0,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Membership Query", mrcode=100)
@@ -368,7 +378,9 @@ class TestIgmp(VppTestCase):
                 dst="239.1.1.1",
                 tos=0xC0,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Membership Query", mrcode=100)
@@ -581,7 +593,9 @@ class TestIgmp(VppTestCase):
                 tos=0xC0,
                 ttl=1,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Version 3 Membership Report")
@@ -599,7 +613,9 @@ class TestIgmp(VppTestCase):
                 dst="224.0.0.22",
                 tos=0xC0,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Version 3 Membership Report")
@@ -695,7 +711,9 @@ class TestIgmp(VppTestCase):
                 dst="224.0.0.22",
                 tos=0xC0,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Version 3 Membership Report")
@@ -769,7 +787,9 @@ class TestIgmp(VppTestCase):
                 tos=0xC0,
                 ttl=1,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Version 3 Membership Report")
@@ -791,7 +811,9 @@ class TestIgmp(VppTestCase):
                 tos=0xC0,
                 ttl=1,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Version 3 Membership Report")
@@ -817,7 +839,9 @@ class TestIgmp(VppTestCase):
                 tos=0xC0,
                 ttl=1,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Version 3 Membership Report")
@@ -844,7 +868,9 @@ class TestIgmp(VppTestCase):
                 tos=0xC0,
                 ttl=1,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Version 3 Membership Report")
@@ -865,7 +891,9 @@ class TestIgmp(VppTestCase):
                 tos=0xC0,
                 ttl=1,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Version 3 Membership Report")
@@ -894,7 +922,9 @@ class TestIgmp(VppTestCase):
                 tos=0xC0,
                 ttl=1,
                 options=[
-                    IPOption(copy_flag=1, optclass="control", option="router_alert")
+                    IPOption(
+                        copy_flag=1, optclass="control", option="router_alert", length=4
+                    )
                 ],
             )
             / IGMPv3(type="Version 3 Membership Report")