Cisco IOS: do not crash on malformed pool (#6568)

batfish · Jan 15, 2021 · f31dab4 · f31dab4
1 parent 8322769
commit f31dab4
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/projects/batfish/src/main/java/org/batfish/grammar/cisco/CiscoControlPlaneExtractor.java b/projects/batfish/src/main/java/org/batfish/grammar/cisco/CiscoControlPlaneExtractor.java
@@ -6128,6 +6128,10 @@ public void exitIpn_pool_prefix(Ipn_pool_prefixContext ctx) {
     String name = _currentIosNatPoolName;
     Ip first = toIp(ctx.first);
     Ip last = toIp(ctx.last);
+    if (first.compareTo(last) > 0) {
+      warn(ctx, String.format("Skipping malformed NAT pool %s. First IP > End Ip", name));
+      return;
+    }
     if (ctx.mask != null) {
       Prefix subnet = IpWildcard.ipWithWildcardMask(first, toIp(ctx.mask).inverted()).toPrefix();
       createNatPool(name, first, last, subnet, ctx);
@@ -6145,6 +6149,10 @@ public void exitIpn_pool_range(Ipn_pool_rangeContext ctx) {
     String name = _currentIosNatPoolName;
     Ip first = toIp(ctx.first);
     Ip last = toIp(ctx.last);
+    if (first.compareTo(last) > 0) {
+      warn(ctx, String.format("Skipping malformed NAT pool %s. First IP > End Ip", name));
+      return;
+    }
     if (ctx.prefix_length != null) {
       Prefix subnet = Prefix.create(first, Integer.parseInt(ctx.prefix_length.getText()));
       createNatPool(name, first, last, subnet, ctx);

diff --git a/projects/batfish/src/test/java/org/batfish/grammar/cisco/CiscoGrammarTest.java b/projects/batfish/src/test/java/org/batfish/grammar/cisco/CiscoGrammarTest.java
@@ -7361,4 +7361,11 @@ public void testIosVrfLeakingRoutes() throws IOException {
                     hasNextHop(NextHopVrf.of("SRC_VRF"))))));
     assertThat(ribs.get("DST_IMPOSSIBLE").getRoutes(), empty());
   }
+
+  @Test
+  public void testNatMalformedNatPool() throws IOException {
+    String hostname = "ios-nat-malformed-pool";
+    // Do not crash
+    parseConfig(hostname);
+  }
 }
diff --git a/...s/batfish/src/test/resources/org/batfish/grammar/cisco/testconfigs/ios-nat-malformed-pool b/...s/batfish/src/test/resources/org/batfish/grammar/cisco/testconfigs/ios-nat-malformed-pool
@@ -0,0 +1,11 @@
+hostname ios-nat-malformed-pool
+
+interface Ethernet1
+  ip nat outside
+  ip address 3.3.3.3 255.255.255.248
+
+ip access-list standard LIST
+ permit 1.1.1.1 0.0.0.255
+! Note the pool is not a valid range
+ip nat pool SNOOKER 10.1.1.10 10.1.1.5 netmask 255.255.255.0
+ip nat outside source list LIST pool SNOOKER