From a1df10e47e225f6ac98603041370ff02a4c03516 Mon Sep 17 00:00:00 2001 From: claudio Date: Tue, 10 Jul 2018 15:13:35 +0000 Subject: [PATCH] rde_update_get_prefix() and friends should also verify the prefixlen. This way the check can be removed from rde_update_dispatch() which is just a duplicate of the general failure case of rde_update_get_prefix(). OK benno@ phessler@ --- usr.sbin/bgpd/rde.c | 54 ++++++--------------------------------------- 1 file changed, 7 insertions(+), 47 deletions(-) diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c index ee43fabfa8c..bd20edaff5b 100644 --- a/usr.sbin/bgpd/rde.c +++ b/usr.sbin/bgpd/rde.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.c,v 1.389 2018/07/10 12:38:50 benno Exp $ */ +/* $OpenBSD: rde.c,v 1.390 2018/07/10 15:13:35 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -1040,13 +1040,6 @@ rde_update_dispatch(struct imsg *imsg) NULL, 0); goto done; } - if (prefixlen > 32) { - log_peer_warnx(&peer->conf, "bad withdraw prefix"); - rde_update_err(peer, ERR_UPDATE, ERR_UPD_NETWORK, - NULL, 0); - goto done; - } - p += pos; len -= pos; @@ -1120,15 +1113,6 @@ rde_update_dispatch(struct imsg *imsg) mpa.unreach, mpa.unreach_len); goto done; } - if (prefixlen > 128) { - log_peer_warnx(&peer->conf, - "bad IPv6 withdraw prefix"); - rde_update_err(peer, ERR_UPDATE, - ERR_UPD_OPTATTR, - mpa.unreach, mpa.unreach_len); - goto done; - } - mpp += pos; mplen -= pos; @@ -1146,15 +1130,6 @@ rde_update_dispatch(struct imsg *imsg) mpa.unreach, mpa.unreach_len); goto done; } - if (prefixlen > 32) { - log_peer_warnx(&peer->conf, - "bad VPNv4 withdraw prefix"); - rde_update_err(peer, ERR_UPDATE, - ERR_UPD_OPTATTR, - mpa.unreach, mpa.unreach_len); - goto done; - } - mpp += pos; mplen -= pos; @@ -1190,13 +1165,6 @@ rde_update_dispatch(struct imsg *imsg) NULL, 0); goto done; } - if (prefixlen > 32) { - log_peer_warnx(&peer->conf, "bad nlri prefix"); - rde_update_err(peer, ERR_UPDATE, ERR_UPD_NETWORK, - NULL, 0); - goto done; - } - p += pos; nlri_len -= pos; @@ -1269,13 +1237,6 @@ rde_update_dispatch(struct imsg *imsg) mpa.reach, mpa.reach_len); goto done; } - if (prefixlen > 128) { - rde_update_err(peer, ERR_UPDATE, - ERR_UPD_OPTATTR, - mpa.reach, mpa.reach_len); - goto done; - } - mpp += pos; mplen -= pos; @@ -1295,13 +1256,6 @@ rde_update_dispatch(struct imsg *imsg) mpa.reach, mpa.reach_len); goto done; } - if (prefixlen > 32) { - rde_update_err(peer, ERR_UPDATE, - ERR_UPD_OPTATTR, - mpa.reach, mpa.reach_len); - goto done; - } - mpp += pos; mplen -= pos; @@ -1913,6 +1867,8 @@ rde_update_get_prefix(u_char *p, u_int16_t len, struct bgpd_addr *prefix, prefix->aid = AID_INET; *prefixlen = pfxlen; + if (pfxlen > 32) + return (-1); if ((plen = rde_update_extract_prefix(p, len, &prefix->v4, pfxlen, sizeof(prefix->v4))) == -1) return (-1); @@ -1937,6 +1893,8 @@ rde_update_get_prefix6(u_char *p, u_int16_t len, struct bgpd_addr *prefix, prefix->aid = AID_INET6; *prefixlen = pfxlen; + if (pfxlen > 128) + return (-1); if ((plen = rde_update_extract_prefix(p, len, &prefix->v6, pfxlen, sizeof(prefix->v6))) == -1) return (-1); @@ -1998,6 +1956,8 @@ rde_update_get_vpn4(u_char *p, u_int16_t len, struct bgpd_addr *prefix, prefix->aid = AID_VPN_IPv4; *prefixlen = pfxlen; + if (pfxlen > 32) + return (-1); if ((rv = rde_update_extract_prefix(p, len, &prefix->vpn4.addr, pfxlen, sizeof(prefix->vpn4.addr))) == -1) return (-1); -- 2.20.1