Skip to content
Permalink
Browse files

tools/rpki-rov: improve input validation

The input validation was insufficient which could lead to buffer
overflows, uninitialized jumps and undefined behaviour.

coverity: 1477248
  • Loading branch information...
mroethke authored and smlng committed Feb 27, 2019
1 parent e7f961f commit 5a86aa4190bd44b306bbd791f1c32d90bd156bf1
Showing with 44 additions and 8 deletions.
  1. +44 −8 tools/rpki-rov.c
@@ -11,6 +11,8 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <arpa/inet.h>
#include "rtrlib/rtrlib.h"

const int connection_timeout = 20;
@@ -43,6 +45,18 @@ static int connection_error(enum rtr_mgr_status status)
return 0;
}

static int str_to_int(const char *str, int *value)
{
errno = 0;
int tmp = strtol(str, NULL, 10);

if (errno != 0)
return 1;

*value = tmp;
return 0;
}

int main(int argc, char *argv[])
{
/* check arguments, need hostname/IP and port of cache-server */
@@ -97,9 +111,6 @@ int main(int argc, char *argv[])
}
}

char ip[128];
int mask;
int asn;
int counter;
/* loop for input */
while (1) {
@@ -141,17 +152,42 @@ int main(int argc, char *argv[])
char *input_tok = NULL;

input_tok = strtok(input, delims);
strcpy(ip, input_tok);
struct lrtr_ip_addr pref;
char ip[INET6_ADDRSTRLEN];

if (strlen(input_tok) > sizeof(ip) - 1) {
fprintf(stderr, "Error: Invalid ip addr\n");
continue;
}

memset(ip, 0, sizeof(ip));
strncpy(ip, input_tok, sizeof(ip) - 1);

if (lrtr_ip_str_to_addr(ip, &pref) != 0) {
fprintf(stderr, "Error: Invalid ip addr\n");
continue;
}

input_tok = strtok(NULL, delims);
mask = atoi(input_tok);
input_tok = strtok(NULL, delims); asn = atoi(input_tok);
int mask;

if (str_to_int(input_tok, &mask)) {
fprintf(stderr, "Error: Invalid mask\n");
continue;
}

input_tok = strtok(NULL, delims);
int asn;

if (str_to_int(input_tok, &asn)) {
fprintf(stderr, "Error: Invalid asn\n");
continue;
}

struct lrtr_ip_addr pref;
enum pfxv_state result;
struct pfx_record *reason = NULL;
unsigned int reason_len = 0;

lrtr_ip_str_to_addr(ip, &pref);
/* do validation */
pfx_table_validate_r(groups[0].sockets[0]->pfx_table, &reason,
&reason_len, asn, &pref, mask, &result);

0 comments on commit 5a86aa4

Please sign in to comment.
You can’t perform that action at this time.