From 1f7ab1a2cc2a7079c9dd2cb791fc6ba3b9c5a6aa Mon Sep 17 00:00:00 2001
From: Mark Stapp
Date: Thu, 17 Feb 2022 09:49:41 -0500
Subject: [PATCH] staticd: reject route config with too many nexthops
Restrict the number of nexthops for a route to the compiled-in limit. Be careful with the zapi route struct's array of nexthops too.
Signed-off-by: Mark Stapp
---
 staticd/static_nb_config.c | 7 ++++++-
 staticd/static_zebra.c | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/staticd/static_nb_config.c b/staticd/static_nb_config.c
index d1b2c9eaa6..9ccffe53d9 100644
--- a/staticd/static_nb_config.c
+++ b/staticd/static_nb_config.c
@@ -115,7 +115,7 @@ static int static_path_list_tag_modify(struct nb_cb_modify_args *args)
 }
 struct nexthop_iter {
- int count;
+ uint32_t count;
 bool blackhole;
 };
@@ -171,6 +171,11 @@ static bool static_nexthop_create(struct nb_cb_create_args *args)
 args->errmsg, args->errmsg_len,
 "Route cannot have blackhole and non-blackhole nexthops simultaneously");
 return NB_ERR_VALIDATION;
+ } else if (iter.count > zebra_ecmp_count) {
+ snprintf(args->errmsg, args->errmsg_len,
+ "Route cannot have more than %d ECMP nexthops",
+ zebra_ecmp_count);
+ return NB_ERR_VALIDATION;
 }
 break;
 case NB_EV_PREPARE:
diff --git a/staticd/static_zebra.c b/staticd/static_zebra.c
index a62225294a..b75e1a1cdf 100644
--- a/staticd/static_zebra.c
+++ b/staticd/static_zebra.c
@@ -414,6 +414,10 @@ extern void static_zebra_route_add(struct static_path *pn, bool install)
 api.tableid = pn->table_id;
 }
 frr_each(static_nexthop_list, &pn->nexthop_list, nh) {
+ /* Don't overrun the nexthop array */
+ if (nh_num == zebra_ecmp_count)
+ break;
+
 api_nh = &api.nexthops[nh_num];
 if (nh->nh_vrf_id == VRF_UNKNOWN)
 continue;
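Review bot: In the new `else if` branch in staticd/static_nb_config.c, `zebra_ecmp_count` is printed with `%d`, while the first hunk changes `nexthop_iter.count` to `uint32_t`, presumably to match that variable's type; if it is unsigned the specifier should be `%u`, i.e. `"Route cannot have more than %u ECMP nexthops",`. The test uses `>`, so it enforces the limit only if `iter.count` already includes the nexthop being created. The code that fills `iter` is outside the hunk, so that is worth confirming and recording next to the check, for example `/* iter.count includes the nexthop being added */`. The enclosing function starts and ends outside the hunk, and the name in the hunk header may not be the function that holds this branch.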
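Review bot: The new guard in `static_zebra_route_add` (staticd/static_zebra.c) bounds `nh_num` by `zebra_ecmp_count` rather than by the declared size of `api.nexthops`, so the write through `api_nh` stays in bounds only if that variable can never exceed the array dimension; its declaration and any code that updates it are not visible here. Tying the test to the array itself and using `>=` keeps the guard valid whatever value the variable holds: `if (nh_num >= zebra_ecmp_count || nh_num >= sizeof(api.nexthops) / sizeof(api.nexthops[0]))`. The `break` also drops the remaining nexthops silently, so a log line naming the route would let an operator see that the installed route differs from the configured one. The function body continues outside the hunk.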