[patch] Add contextual out-of-bound checks in RTR Prefix PDU handler
Ondrej Zajicek
santiago at crfreenet.org
Sat Dec 18 16:43:34 CET 2021
On Sun, Nov 14, 2021 at 07:26:44PM +0100, Job Snijders wrote:
> Ping :-)
Thanks, merged. Sorry for keeping it open for so long.
btw, the original 2-condition patch was ok, because condition
addr.roaX.pxlen <= IPX_MAX_PREFIX_LENGTH is deduced from transitivity.
> On Fri, 17 Sep 2021 at 21:34, Job Snijders <job at fastly.com> wrote:
>
> > Hi,
> >
> > I've aligned the text that is locally logged with the encapsulated error
> > message sent to the broken RPKI cache. Also fixed a compiler warning
> > that snuck into my previous patch: now passing the correct pointer
> > (hton_pdu) to rpki_send_error_pdu().
> >
> > Kind regards,
> >
> > Job
> >
> > diff --git proto/rpki/packets.c proto/rpki/packets.c
> > index dd11f997..7a1eeb0f 100644
> > --- proto/rpki/packets.c
> > +++ proto/rpki/packets.c
> > @@ -737,6 +737,30 @@ rpki_handle_prefix_pdu(struct rpki_cache *cache,
> > const struct pdu_header *pdu)
> > net_addr_union addr = {};
> > rpki_prefix_pdu_2_net_addr(pdu, &addr);
> >
> > + if (type == IPV4_PREFIX) {
> > + if (addr.roa4.max_pxlen < addr.roa4.pxlen
> > + || addr.roa4.max_pxlen > IP4_MAX_PREFIX_LENGTH
> > + || addr.roa4.pxlen > IP4_MAX_PREFIX_LENGTH) {
> > + RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache
> > server: invalid pxlen or max_pxlen");
> > + byte tmp[pdu->len];
> > + const struct pdu_header *hton_pdu =
> > rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
> > + rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu,
> > "Corrupted PDU: invalid pxlen or max_pxlen");
> > + rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
> > + return RPKI_ERROR;
> > + }
> > + } else {
> > + if (addr.roa6.max_pxlen < addr.roa6.pxlen
> > + || addr.roa6.max_pxlen > IP6_MAX_PREFIX_LENGTH
> > + || addr.roa6.pxlen > IP6_MAX_PREFIX_LENGTH) {
> > + RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache
> > server: invalid pxlen or max_pxlen");
> > + byte tmp[pdu->len];
> > + const struct pdu_header *hton_pdu =
> > rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
> > + rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu,
> > "Corrupted PDU: invalid pxlen or max_pxlen");
> > + rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
> > + return RPKI_ERROR;
> > + }
> > + }
> > +
> > if (cf->ignore_max_length)
> > {
> > if (type == IPV4_PREFIX)
> >
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list