[patch] Add contextual out-of-bound checks in RTR Prefix PDU handler

Job Snijders job at fastly.com
Fri Sep 17 20:39:42 CEST 2021


Apologies for the noise... perhaps three attempts is a charm? :-)

The "Prefix Length" can also contextually overflow, the below changeset
also checks that specific element.

I noticed that having RPKI_CS_ERROR_FATAL fall through to
RPKI_CS_ERROR_TRANSPORT did not result in the desired behavior (which is
to flush all data related to the corrupted RPKI cache), so I left that
change out. This means that a potential for a 'reconnect storm' remains.
Adding a retry sleep timer before scheduling the next connect attempt if
RPKI_CS_ERROR_FATAL happened should probably be investigated separately.

Kind regards,

Job

diff --git proto/rpki/packets.c proto/rpki/packets.c
index dd11f997..fa94846e 100644
--- proto/rpki/packets.c
+++ proto/rpki/packets.c
@@ -737,6 +737,30 @@ rpki_handle_prefix_pdu(struct rpki_cache *cache, const struct pdu_header *pdu)
   net_addr_union addr = {};
   rpki_prefix_pdu_2_net_addr(pdu, &addr);
 
+  if (type == IPV4_PREFIX) {
+    if (addr.roa4.max_pxlen < addr.roa4.pxlen
+        || addr.roa4.max_pxlen > IP4_MAX_PREFIX_LENGTH
+        || addr.roa4.pxlen > IP4_MAX_PREFIX_LENGTH) {
+      RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid Max Length");
+      byte tmp[pdu->len];
+      const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+      rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, tmp, "Corrupted PDU: invalid pxlen or max_pxlen");
+      rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+      return RPKI_ERROR;
+    }
+  } else {
+    if (addr.roa6.max_pxlen < addr.roa6.pxlen
+        || addr.roa6.max_pxlen > IP6_MAX_PREFIX_LENGTH
+        || addr.roa6.pxlen > IP6_MAX_PREFIX_LENGTH) {
+      RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid Max Length");
+      byte tmp[pdu->len];
+      const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+      rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, tmp, "Corrupted PDU: invalid pxlen or max_pxlen");
+      rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+      return RPKI_ERROR;
+    }
+  }
+
   if (cf->ignore_max_length)
   {
     if (type == IPV4_PREFIX)


More information about the Bird-users mailing list