From: claudio <claudio@openbsd.org>
Date: Tue, 9 Apr 2024 12:05:07 +0000 (+0000)
Subject: Check that the ASPA tas array fits in an IMSG before sending the ASPA
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bb1a6d1a5c7dbbfa47dce71d757f969e855e1dd9;p=openbsd

Check that the ASPA tas array fits in an IMSG before sending the ASPA
record over to RTR or the RDE.

The long term goal is to increase the IMSG size considerably but that
requires some additional API changes to the imsg API.
OK tb@
---

diff --git a/usr.sbin/bgpd/bgpd.c b/usr.sbin/bgpd/bgpd.c
index 85b02707de6..b4df9efaa8d 100644
--- a/usr.sbin/bgpd/bgpd.c
+++ b/usr.sbin/bgpd/bgpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bgpd.c,v 1.262 2024/01/09 13:41:32 claudio Exp $ */
+/*	$OpenBSD: bgpd.c,v 1.263 2024/04/09 12:05:07 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -716,11 +716,19 @@ send_config(struct bgpd_config *conf)
 	}
 	free_roatree(&conf->roa);
 	RB_FOREACH(aspa, aspa_tree, &conf->aspa) {
+		/* XXX prevent oversized IMSG for now */
+		if (aspa->num * sizeof(*aspa->tas) >
+		    MAX_IMSGSIZE - IMSG_HEADER_SIZE) {
+			log_warnx("oversized ASPA set for customer-as %s, %s",
+			    log_as(aspa->as), "dropped");
+			continue;
+		}
+
 		if (imsg_compose(ibuf_rtr, IMSG_RECONF_ASPA, 0, 0,
 		    -1, aspa, offsetof(struct aspa_set, tas)) == -1)
 			return (-1);
 		if (imsg_compose(ibuf_rtr, IMSG_RECONF_ASPA_TAS, 0, 0,
-		    -1, aspa->tas, sizeof(*aspa->tas) * aspa->num) == -1)
+		    -1, aspa->tas, aspa->num * sizeof(*aspa->tas)) == -1)
 			return (-1);
 		if (imsg_compose(ibuf_rtr, IMSG_RECONF_ASPA_DONE, 0, 0, -1,
 		    NULL, 0) == -1)
diff --git a/usr.sbin/bgpd/rtr.c b/usr.sbin/bgpd/rtr.c
index 4411e398e07..43b471204ea 100644
--- a/usr.sbin/bgpd/rtr.c
+++ b/usr.sbin/bgpd/rtr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtr.c,v 1.20 2024/01/18 09:39:36 claudio Exp $ */
+/*	$OpenBSD: rtr.c,v 1.21 2024/04/09 12:05:07 claudio Exp $ */
 
 /*
  * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@@ -532,6 +532,14 @@ rtr_recalc(void)
 	RB_FOREACH_REVERSE(aspa, aspa_tree, &at) {
 		struct aspa_set	as = { .as = aspa->as, .num = aspa->num };
 
+		/* XXX prevent oversized IMSG for now */
+		if (aspa->num * sizeof(*aspa->tas) >
+		    MAX_IMSGSIZE - IMSG_HEADER_SIZE) {
+			log_warnx("oversized ASPA set for customer-as %s, %s",
+			    log_as(aspa->as), "dropped");
+			continue;
+		}
+
 		imsg_compose(ibuf_rde, IMSG_RECONF_ASPA, 0, 0, -1,
 		    &as, offsetof(struct aspa_set, tas));
 		imsg_compose(ibuf_rde, IMSG_RECONF_ASPA_TAS, 0, 0, -1,