[patch] Add contextual out-of-bound checks in RTR Prefix PDU handler
Job Snijders
job at fastly.com
Fri Sep 17 19:43:44 CEST 2021
Here is an updated version of the changeset.
The problematic PDU is now in the correct order echoed to the RTR Cache
server, making troubleshooting with tcpdump/wireshark more productive! :)
Kind regards,
Job
diff --git proto/rpki/packets.c proto/rpki/packets.c
index dd11f997..3d024504 100644
--- proto/rpki/packets.c
+++ proto/rpki/packets.c
@@ -737,6 +737,26 @@ rpki_handle_prefix_pdu(struct rpki_cache *cache, const struct pdu_header *pdu)
net_addr_union addr = {};
rpki_prefix_pdu_2_net_addr(pdu, &addr);
+ if (type == IPV4_PREFIX) {
+ if (addr.roa4.max_pxlen < addr.roa4.pxlen || addr.roa4.max_pxlen > IP4_MAX_PREFIX_LENGTH) {
+ RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid Max Length");
+ byte tmp[pdu->len];
+ const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+ rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, tmp, "Corrupted PDU");
+ rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+ return RPKI_ERROR;
+ }
+ } else {
+ if (addr.roa6.max_pxlen < addr.roa6.pxlen || addr.roa6.max_pxlen > IP6_MAX_PREFIX_LENGTH) {
+ RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid Max Length");
+ byte tmp[pdu->len];
+ const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+ rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, tmp, "Corrupted PDU");
+ rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+ return RPKI_ERROR;
+ }
+ }
+
if (cf->ignore_max_length)
{
if (type == IPV4_PREFIX)
diff --git proto/rpki/rpki.c proto/rpki/rpki.c
index ab0837f3..91b69da0 100644
--- proto/rpki/rpki.c
+++ proto/rpki/rpki.c
@@ -288,9 +288,6 @@ rpki_cache_change_state(struct rpki_cache *cache, const enum rpki_cache_state ne
case RPKI_CS_ERROR_FATAL:
/* Fatal protocol error occurred. */
- rpki_force_restart_proto(cache->p);
- break;
-
case RPKI_CS_ERROR_TRANSPORT:
/* Error on the transport socket occurred. */
rpki_close_connection(cache);
More information about the Bird-users
mailing list