[patch] Add contextual out-of-bound checks in RTR Prefix PDU handler

Ondrej Zajicek santiago at crfreenet.org
Sat Dec 18 16:43:34 CET 2021


On Sun, Nov 14, 2021 at 07:26:44PM +0100, Job Snijders wrote:
> Ping :-)

Thanks, merged. Sorry for keeping it open for so long.

btw, the original 2-condition patch was ok, because condition
addr.roaX.pxlen <= IPX_MAX_PREFIX_LENGTH is deduced from transitivity.


> On Fri, 17 Sep 2021 at 21:34, Job Snijders <job at fastly.com> wrote:
> 
> > Hi,
> >
> > I've aligned the text that is locally logged with the encapsulated error
> > message sent to the broken RPKI cache. Also fixed a compiler warning
> > that snuck into my previous patch: now passing the correct pointer
> > (hton_pdu) to rpki_send_error_pdu().
> >
> > Kind regards,
> >
> > Job
> >
> > diff --git proto/rpki/packets.c proto/rpki/packets.c
> > index dd11f997..7a1eeb0f 100644
> > --- proto/rpki/packets.c
> > +++ proto/rpki/packets.c
> > @@ -737,6 +737,30 @@ rpki_handle_prefix_pdu(struct rpki_cache *cache,
> > const struct pdu_header *pdu)
> >    net_addr_union addr = {};
> >    rpki_prefix_pdu_2_net_addr(pdu, &addr);
> >
> > +  if (type == IPV4_PREFIX) {
> > +    if (addr.roa4.max_pxlen < addr.roa4.pxlen
> > +        || addr.roa4.max_pxlen > IP4_MAX_PREFIX_LENGTH
> > +        || addr.roa4.pxlen > IP4_MAX_PREFIX_LENGTH) {
> > +      RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache
> > server: invalid pxlen or max_pxlen");
> > +      byte tmp[pdu->len];
> > +      const struct pdu_header *hton_pdu =
> > rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
> > +      rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu,
> > "Corrupted PDU: invalid pxlen or max_pxlen");
> > +      rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
> > +      return RPKI_ERROR;
> > +    }
> > +  } else {
> > +    if (addr.roa6.max_pxlen < addr.roa6.pxlen
> > +        || addr.roa6.max_pxlen > IP6_MAX_PREFIX_LENGTH
> > +        || addr.roa6.pxlen > IP6_MAX_PREFIX_LENGTH) {
> > +      RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache
> > server: invalid pxlen or max_pxlen");
> > +      byte tmp[pdu->len];
> > +      const struct pdu_header *hton_pdu =
> > rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
> > +      rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu,
> > "Corrupted PDU: invalid pxlen or max_pxlen");
> > +      rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
> > +      return RPKI_ERROR;
> > +    }
> > +  }
> > +
> >    if (cf->ignore_max_length)
> >    {
> >      if (type == IPV4_PREFIX)
> >
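Review bot: in both error branches, `byte tmp[pdu->len];` sizes a stack array from the length field of the PDU that was just judged corrupt, and nothing visible in this hunk bounds that length. If an earlier stage already caps pdu->len, a short comment saying so would make that evident here; otherwise copy into a buffer limited to a fixed maximum PDU size before calling rpki_pdu_back_to_network_byte_order(). Two smaller points: the IPv4 and IPv6 branches differ only in the roa4/roa6 member and the IP4_/IP6_MAX_PREFIX_LENGTH constant, so one check with the maximum selected by type would avoid duplicating the error path, and the bare `else` treats every type other than IPV4_PREFIX as IPv6, which deserves an explicit comparison or a comment.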

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

