matthieu/frr
1
0
Fork 0
forked from Mirror/frr
Code Pull requests Activity

Merge pull request #18472 from zmw12306/Update-TLV

Browse source 
babeld: Add input validation for update TLV.
This commit is contained in:
Jafar Al-Gharaibeh 2025-04-10 09:59:13 -05:00 committed by GitHub
parent 2355683c72 c2e69624ba
commit fc3e1ec15f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 23 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
babeld/message.c
View file

@ -591,6 +591,20 @@ parse_packet(const unsigned char *from, struct interface *ifp,
int rc, parsed_len;
bool ignore_update = false;
// Basic sanity check on length
if (len < 10) {
if (len < 2 || (message[3] & 0x80)) {
have_v4_prefix = have_v6_prefix = 0;
}
goto fail;
}
if(!known_ae(message[2])) {
debugf(BABEL_DEBUG_COMMON,"Received update with unknown AE %d. Ignoring.",
message[2]);
goto done;
}
DO_NTOHS(interval, message + 6);
DO_NTOHS(seqno, message + 8);
DO_NTOHS(metric, message + 10);
@ -629,7 +643,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
}
have_router_id = 1;
}
if(!have_router_id && message[2] != 0) {
if(metric < INFINITY && !have_router_id && message[2] != 0) {
flog_err(EC_BABEL_PACKET,
"Received prefix with no router id.");
goto fail;
@ -641,9 +655,15 @@ parse_packet(const unsigned char *from, struct interface *ifp,
format_address(from), ifp->name);
if(message[2] == 0) {
if(metric < 0xFFFF) {
if(metric < INFINITY) {
flog_err(EC_BABEL_PACKET,
"Received wildcard update with finite metric.");
"Received wildcard update with finite metric.");
goto done;
}
// Add check for Plen and Omitted
if(message[4] != 0 || message[5] != 0) {
flog_err(EC_BABEL_PACKET,
"Received wildcard retraction with non-zero Plen or Omitted.");
goto done;
}
retract_neighbour_routes(neigh);