zebra: check pbr rule msg for correct afi

further down we hash the src & dst ip, which asserts that the afi is one of the well known ones, given the field names i assume the correct afis here are af_inet[6] Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
qlyoung · Jan 3, 2020 · 1457d31 · 1457d31
1 parent 869e434
commit 1457d31
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
@@ -2360,6 +2360,20 @@ static inline void zread_rule(ZAPI_HANDLER_ARGS)
 		if (zpr.rule.filter.fwmark)
 			zpr.rule.filter.filter_bm |= PBR_FILTER_FWMARK;
 
+		if (!(zpr.rule.filter.src_ip.family == AF_INET
+		      || zpr.rule.filter.src_ip.family == AF_INET6)) {
+			zlog_warn("Unsupported PBR source IP family: %s\n",
+				  family2str(zpr.rule.filter.src_ip.family));
+			return;
+		}
+		if (!(zpr.rule.filter.dst_ip.family == AF_INET
+		      || zpr.rule.filter.dst_ip.family == AF_INET6)) {
+			zlog_warn("Unsupported PBR dest IP family: %s\n",
+				  family2str(zpr.rule.filter.dst_ip.family));
+			return;
+		}
+
+
 		zpr.vrf_id = zvrf->vrf->vrf_id;
 		if (hdr->command == ZEBRA_RULE_ADD)
 			zebra_pbr_add_rule(&zpr);