Skip to content
Permalink
Browse files

Merge pull request #4648 from ton31337/feature/validate_lcommunity_6.0

bgpd: [6.0] Validate large-community-list against UINT_MAX
  • Loading branch information...
donaldsharp committed Jul 9, 2019
2 parents 0c3558c + 8ba82d5 commit be96b27960eaa75cde88320230618bdb877251b8
Showing with 31 additions and 0 deletions.
  1. +31 −0 bgpd/bgp_clist.c
@@ -26,6 +26,7 @@
#include "queue.h"
#include "filter.h"
#include "stream.h"
#include "frrstr.h"

#include "bgpd/bgpd.h"
#include "bgpd/bgp_community.h"
@@ -971,6 +972,33 @@ struct lcommunity *lcommunity_list_match_delete(struct lcommunity *lcom,
return lcom;
}

/* Helper to check if every octet do not exceed UINT_MAX */
static int lcommunity_list_valid(const char *community)
{
int octets = 0;
char **splits;
int num;

frrstr_split(community, ":", &splits, &num);

for (int i = 0; i < num; i++) {
if (strtoul(splits[i], NULL, 10) > UINT_MAX)
return 0;

if (strlen(splits[i]) == 0)
return 0;

octets++;
XFREE(MTYPE_TMP, splits[i]);
}
XFREE(MTYPE_TMP, splits);

if (octets < 3)
return 0;

return 1;
}

/* Set lcommunity-list. */
int lcommunity_list_set(struct community_list_handler *ch, const char *name,
const char *str, int direct, int style)
@@ -999,6 +1027,9 @@ int lcommunity_list_set(struct community_list_handler *ch, const char *name,
}

if (str) {
if (!lcommunity_list_valid(str))
return COMMUNITY_LIST_ERR_MALFORMED_VAL;

if (style == LARGE_COMMUNITY_LIST_STANDARD)
lcom = lcommunity_str2com(str);
else

0 comments on commit be96b27

Please sign in to comment.
You can’t perform that action at this time.