ethernet: add sanity checks to p2p_ethernet_add/del

Binary API message handlers need to check sw_if_index
values.

Found in binary api fuzz testing.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I51e717e9260e58a4c36d4d95981fd001be594fed
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>

diff --git a/src/vnet/ethernet/p2p_ethernet.api b/src/vnet/ethernet/p2p_ethernet.api
index 64e19a0..51867ca 100644 (file)
--- a/src/vnet/ethernet/p2p_ethernet.api
+++ b/src/vnet/ethernet/p2p_ethernet.api
@@ -18,6 +18,18 @@ option version = "1.0.0";
 import "vnet/interface_types.api";
 import "vnet/ethernet/ethernet_types.api";
 
+/** \brief Create a point-to-point (p2p) Ethernet sub-interface
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param parent_if_index - index of the parent interface
+    @param subif_id - subinterface index identifier
+    @param remote_mac - client MAC address
+    @retval VNET_API_ERROR_INVALID_SW_IF_INDEX on invalid parent_if_index
+    @retval VNET_API_ERROR_INVALID_SW_IF_INDEX_2 on invalid subif_id
+    @retval VNET_API_ERROR_BOND_SLAVE_NOT_ALLOWED
+    @retval VNET_API_ERROR_SUBIF_ALREADY_EXISTS
+    @retval VNET_API_ERROR_SUBIF_CREATE_FAILED
+*/
 define p2p_ethernet_add
 {
   u32 client_index;
@@ -34,6 +46,13 @@ define p2p_ethernet_add_reply
   vl_api_interface_index_t sw_if_index;
 };
 
+/** \brief Delete a point-to-point (p2p) Ethernet sub-interface
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param parent_if_index - index of the parent interface
+    @param remote_mac - client MAC address
+    @retval VNET_API_ERROR_SUBIF_DOESNT_EXIST
+*/
 define p2p_ethernet_del
 {
   u32 client_index;

diff --git a/src/vnet/ethernet/p2p_ethernet_api.c b/src/vnet/ethernet/p2p_ethernet_api.c
index 3bbda6e..2c75a51 100644 (file)
--- a/src/vnet/ethernet/p2p_ethernet_api.c
+++ b/src/vnet/ethernet/p2p_ethernet_api.c
@@ -55,16 +55,31 @@ vl_api_p2p_ethernet_add_t_handler (vl_api_p2p_ethernet_add_t * mp)
   u32 p2pe_if_index;
   u8 remote_mac[6];
 
+  if (!vnet_sw_if_index_is_api_valid (parent_if_index))
+    {
+      rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
+      goto bad_sw_if_index;
+    }
+  if (!vnet_sw_if_index_is_api_valid (sub_id))
+    {
+      rv = VNET_API_ERROR_INVALID_SW_IF_INDEX_2;
+      goto bad_sw_if_index;
+    }
+
   clib_memcpy (remote_mac, mp->remote_mac, 6);
   rv =
     p2p_ethernet_add_del (vm, parent_if_index, remote_mac, sub_id, 1,
                          &p2pe_if_index);
 
+  BAD_SW_IF_INDEX_LABEL;
+
   /* *INDENT-OFF* */
   REPLY_MACRO2(VL_API_P2P_ETHERNET_ADD_REPLY,
   ({
     rmp->sw_if_index = htonl(p2pe_if_index);
   }));
+
+
   /* *INDENT-ON* */
 }
 
@@ -78,9 +93,16 @@ vl_api_p2p_ethernet_del_t_handler (vl_api_p2p_ethernet_del_t * mp)
   u32 parent_if_index = htonl (mp->parent_if_index);
   u8 remote_mac[6];
 
+  if (!vnet_sw_if_index_is_api_valid (parent_if_index))
+    {
+      rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
+      goto bad_sw_if_index;
+    }
+
   clib_memcpy (remote_mac, mp->remote_mac, 6);
   rv = p2p_ethernet_add_del (vm, parent_if_index, remote_mac, ~0, 0, 0);
 
+  BAD_SW_IF_INDEX_LABEL;
   REPLY_MACRO (VL_API_P2P_ETHERNET_DEL_REPLY);
 }