From bdfe5955f59a735fd8d70e9026f8c1867a4c8cc6 Mon Sep 17 00:00:00 2001 From: Dave Barach Date: Mon, 4 May 2020 12:33:18 -0400 Subject: [PATCH 1/1] ethernet: add sanity checks to p2p_ethernet_add/del Binary API message handlers need to check sw_if_index values. Found in binary api fuzz testing. Type: fix Signed-off-by: Dave Barach Change-Id: I51e717e9260e58a4c36d4d95981fd001be594fed Signed-off-by: Paul Vinciguerra --- src/vnet/ethernet/p2p_ethernet.api | 19 +++++++++++++++++++ src/vnet/ethernet/p2p_ethernet_api.c | 22 ++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/src/vnet/ethernet/p2p_ethernet.api b/src/vnet/ethernet/p2p_ethernet.api index 64e19a05f57..51867caaee2 100644 --- a/src/vnet/ethernet/p2p_ethernet.api +++ b/src/vnet/ethernet/p2p_ethernet.api @@ -18,6 +18,18 @@ option version = "1.0.0"; import "vnet/interface_types.api"; import "vnet/ethernet/ethernet_types.api"; +/** \brief Create a point-to-point (p2p) Ethernet sub-interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param parent_if_index - index of the parent interface + @param subif_id - subinterface index identifier + @param remote_mac - client MAC address + @retval VNET_API_ERROR_INVALID_SW_IF_INDEX on invalid parent_if_index + @retval VNET_API_ERROR_INVALID_SW_IF_INDEX_2 on invalid subif_id + @retval VNET_API_ERROR_BOND_SLAVE_NOT_ALLOWED + @retval VNET_API_ERROR_SUBIF_ALREADY_EXISTS + @retval VNET_API_ERROR_SUBIF_CREATE_FAILED +*/ define p2p_ethernet_add { u32 client_index; @@ -34,6 +46,13 @@ define p2p_ethernet_add_reply vl_api_interface_index_t sw_if_index; }; +/** \brief Delete a point-to-point (p2p) Ethernet sub-interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param parent_if_index - index of the parent interface + @param remote_mac - client MAC address + @retval VNET_API_ERROR_SUBIF_DOESNT_EXIST +*/ define p2p_ethernet_del { u32 client_index; diff --git a/src/vnet/ethernet/p2p_ethernet_api.c b/src/vnet/ethernet/p2p_ethernet_api.c index 3bbda6ef361..2c75a51d2f8 100644 --- a/src/vnet/ethernet/p2p_ethernet_api.c +++ b/src/vnet/ethernet/p2p_ethernet_api.c @@ -55,16 +55,31 @@ vl_api_p2p_ethernet_add_t_handler (vl_api_p2p_ethernet_add_t * mp) u32 p2pe_if_index; u8 remote_mac[6]; + if (!vnet_sw_if_index_is_api_valid (parent_if_index)) + { + rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; + goto bad_sw_if_index; + } + if (!vnet_sw_if_index_is_api_valid (sub_id)) + { + rv = VNET_API_ERROR_INVALID_SW_IF_INDEX_2; + goto bad_sw_if_index; + } + clib_memcpy (remote_mac, mp->remote_mac, 6); rv = p2p_ethernet_add_del (vm, parent_if_index, remote_mac, sub_id, 1, &p2pe_if_index); + BAD_SW_IF_INDEX_LABEL; + /* *INDENT-OFF* */ REPLY_MACRO2(VL_API_P2P_ETHERNET_ADD_REPLY, ({ rmp->sw_if_index = htonl(p2pe_if_index); })); + + /* *INDENT-ON* */ } @@ -78,9 +93,16 @@ vl_api_p2p_ethernet_del_t_handler (vl_api_p2p_ethernet_del_t * mp) u32 parent_if_index = htonl (mp->parent_if_index); u8 remote_mac[6]; + if (!vnet_sw_if_index_is_api_valid (parent_if_index)) + { + rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; + goto bad_sw_if_index; + } + clib_memcpy (remote_mac, mp->remote_mac, 6); rv = p2p_ethernet_add_del (vm, parent_if_index, remote_mac, ~0, 0, 0); + BAD_SW_IF_INDEX_LABEL; REPLY_MACRO (VL_API_P2P_ETHERNET_DEL_REPLY); } -- 2.16.6