fib: Crash when specify a big prefix length from CLI.

The VPP is crashing when specify a very big prefix length, like
ip route add 1.1.1.1/55 via 2.2.2.2

Type: fix

Signed-off-by: Gavril Florian <gflorian@3nets.io>
Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5

diff --git a/src/vnet/error.h b/src/vnet/error.h
index 3feb8ff..fa13375 100644 (file)
--- a/src/vnet/error.h
+++ b/src/vnet/error.h
@@ -158,7 +158,8 @@
   _ (BUSY, -167, "Busy")                                                      \
   _ (BUG, -168, "Bug")                                                        \
   _ (FEATURE_ALREADY_DISABLED, -169, "Feature already disabled")              \
-  _ (FEATURE_ALREADY_ENABLED, -170, "Feature already enabled")
+  _ (FEATURE_ALREADY_ENABLED, -170, "Feature already enabled")                \
+  _ (INVALID_PREFIX_LENGTH, -171, "Invalid prefix length")
 
 typedef enum
 {

diff --git a/src/vnet/fib/fib_api.c b/src/vnet/fib/fib_api.c
index c8511c0..07d6699 100644 (file)
--- a/src/vnet/fib/fib_api.c
+++ b/src/vnet/fib/fib_api.c
@@ -448,6 +448,9 @@ fib_api_route_add_del (u8 is_add,
                        fib_entry_flag_t entry_flags,
                        fib_route_path_t *rpaths)
 {
+    if (!fib_prefix_validate(prefix)) {
+          return (VNET_API_ERROR_INVALID_PREFIX_LENGTH);
+    }
     if (is_multipath)
     {
         if (vec_len(rpaths) == 0)

diff --git a/src/vnet/ip/lookup.c b/src/vnet/ip/lookup.c
index 5ac2a9c..80a35fe 100644 (file)
--- a/src/vnet/ip/lookup.c
+++ b/src/vnet/ip/lookup.c
@@ -220,6 +220,27 @@ const ip46_address_t zero_addr = {
             0, 0},
 };
 
+bool
+fib_prefix_validate (const fib_prefix_t *prefix)
+{
+  if (FIB_PROTOCOL_IP4 == prefix->fp_proto)
+    {
+      if (prefix->fp_len > 32)
+       {
+         return false;
+       }
+    }
+
+  if (FIB_PROTOCOL_IP6 == prefix->fp_proto)
+    {
+      if (prefix->fp_len > 128)
+       {
+         return false;
+       }
+    }
+  return true;
+}
+
 static clib_error_t *
 vnet_ip_route_cmd (vlib_main_t * vm,
                   unformat_input_t * main_input, vlib_cli_command_t * cmd)
@@ -353,6 +374,12 @@ vnet_ip_route_cmd (vlib_main_t * vm,
                .fp_addr = prefixs[i].fp_addr,
              };
 
+             if (!fib_prefix_validate (&rpfx))
+               {
+                 vlib_cli_output (vm, "Invalid prefix len: %d", rpfx.fp_len);
+                 continue;
+               }
+
              if (is_del)
                fib_table_entry_path_remove2 (fib_index,
                                              &rpfx, FIB_SOURCE_CLI, rpaths);

diff --git a/src/vnet/ip/lookup.h b/src/vnet/ip/lookup.h
index aa99827..4489df1 100644 (file)
--- a/src/vnet/ip/lookup.h
+++ b/src/vnet/ip/lookup.h
@@ -179,6 +179,7 @@ ip_lookup_set_buffer_fib_index (u32 * fib_index_by_sw_if_index,
 }
 
 void ip_lookup_init (ip_lookup_main_t * lm, u32 ip_lookup_node_index);
+bool fib_prefix_validate (const fib_prefix_t *prefix);
 
 #endif /* included_ip_lookup_h */
 /*