author | Claudio Jeker <claudio@cvs.openbsd.org> | 2018-07-10 15:13:36 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2018-07-10 15:13:36 +0000 |
commit | 2bd710f5b4fe8036d1371d1b47d23a1eae9e0d02 (patch) | |
tree | 4f52e7f955df24963e7a2e9c2b0dd3c1c0470bca /usr.sbin | |
parent | 33c248397417a9d856fe5c6a3e08aae75b2f14e1 (diff) |
rde_update_get_prefix() and friends should also verify the prefixlen.
This way the check can be removed from rde_update_dispatch() which is
just a duplicate of the general failure case of rde_update_get_prefix().
OK benno@ phessler@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/bgpd/rde.c | 54 |
1 files changed, 7 insertions, 47 deletions
diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c index ee43fabfa8c..bd20edaff5b 100644 --- a/usr.sbin/bgpd/rde.c +++ b/usr.sbin/bgpd/rde.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.c,v 1.389 2018/07/10 12:38:50 benno Exp $ */ +/* $OpenBSD: rde.c,v 1.390 2018/07/10 15:13:35 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -1040,13 +1040,6 @@ rde_update_dispatch(struct imsg *imsg) NULL, 0); goto done; } - if (prefixlen > 32) { - log_peer_warnx(&peer->conf, "bad withdraw prefix"); - rde_update_err(peer, ERR_UPDATE, ERR_UPD_NETWORK, - NULL, 0); - goto done; - } - p += pos; len -= pos; @@ -1120,15 +1113,6 @@ rde_update_dispatch(struct imsg *imsg) mpa.unreach, mpa.unreach_len); goto done; } - if (prefixlen > 128) { - log_peer_warnx(&peer->conf, - "bad IPv6 withdraw prefix"); - rde_update_err(peer, ERR_UPDATE, - ERR_UPD_OPTATTR, - mpa.unreach, mpa.unreach_len); - goto done; - } - mpp += pos; mplen -= pos; @@ -1146,15 +1130,6 @@ rde_update_dispatch(struct imsg *imsg) mpa.unreach, mpa.unreach_len); goto done; } - if (prefixlen > 32) { - log_peer_warnx(&peer->conf, - "bad VPNv4 withdraw prefix"); - rde_update_err(peer, ERR_UPDATE, - ERR_UPD_OPTATTR, - mpa.unreach, mpa.unreach_len); - goto done; - } - mpp += pos; mplen -= pos; @@ -1190,13 +1165,6 @@ rde_update_dispatch(struct imsg *imsg) NULL, 0); goto done; } - if (prefixlen > 32) { - log_peer_warnx(&peer->conf, "bad nlri prefix"); - rde_update_err(peer, ERR_UPDATE, ERR_UPD_NETWORK, - NULL, 0); - goto done; - } - p += pos; nlri_len -= pos; @@ -1269,13 +1237,6 @@ rde_update_dispatch(struct imsg *imsg) mpa.reach, mpa.reach_len); goto done; } - if (prefixlen > 128) { - rde_update_err(peer, ERR_UPDATE, - ERR_UPD_OPTATTR, - mpa.reach, mpa.reach_len); - goto done; - } - mpp += pos; mplen -= pos; 
@@ -1295,13 +1256,6 @@ rde_update_dispatch(struct imsg *imsg) mpa.reach, mpa.reach_len); goto done; } - if (prefixlen > 32) { - rde_update_err(peer, ERR_UPDATE, - ERR_UPD_OPTATTR, - mpa.reach, mpa.reach_len); - goto done; - } - mpp += pos; mplen -= pos; @@ -1913,6 +1867,8 @@ rde_update_get_prefix(u_char *p, u_int16_t len, struct bgpd_addr *prefix, prefix->aid = AID_INET; *prefixlen = pfxlen; + if (pfxlen > 32) + return (-1); if ((plen = rde_update_extract_prefix(p, len, &prefix->v4, pfxlen, sizeof(prefix->v4))) == -1) return (-1); @@ -1937,6 +1893,8 @@ rde_update_get_prefix6(u_char *p, u_int16_t len, struct bgpd_addr *prefix, prefix->aid = AID_INET6; *prefixlen = pfxlen; + if (pfxlen > 128) + return (-1); if ((plen = rde_update_extract_prefix(p, len, &prefix->v6, pfxlen, sizeof(prefix->v6))) == -1) return (-1); @@ -1998,6 +1956,8 @@ rde_update_get_vpn4(u_char *p, u_int16_t len, struct bgpd_addr *prefix, prefix->aid = AID_VPN_IPv4; *prefixlen = pfxlen; + if (pfxlen > 32) + return (-1); if ((rv = rde_update_extract_prefix(p, len, &prefix->vpn4.addr, pfxlen, sizeof(prefix->vpn4.addr))) == -1) return (-1); |
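Review bot: In rde_update_get_prefix() the new `if (pfxlen > 32) return (-1);` runs after `prefix->aid = AID_INET;` and `*prefixlen = pfxlen;`, so a rejected length is still stored in the caller's out-parameter before the function fails; the rde_update_get_prefix6() hunk (`> 128`) and the rde_update_get_vpn4() hunk (`> 32`) have the same ordering. The callers visible in this diff appear to `goto done` on failure, so this looks harmless today, but moving each check above the two assignments would leave the outputs untouched on error. A short comment such as `/* reject lengths longer than the address family allows */` would also explain the bare 32 and 128. All three function bodies start and end outside their hunks, so how pfxlen is derived is not visible here.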