summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMaria Matejka <mq@ucw.cz>2022-06-07 10:35:48 +0200
committerMaria Matejka <mq@ucw.cz>2022-06-07 10:38:32 +0200
commit141fb51f1a3c22c45025426775c00f66c06406a7 (patch)
tree346a8a2bdb9eb0a4edf5ac3272a5cca5ec3da465
parentad686c55c3fad13f39e44ee5732c38296caff782 (diff)
IPv4 flowspec literals should reject IPv6 prefices in a well-behaved way
When writing flow4 { dst 2001:db8::dead:beef/128; }, BIRD crashed on an not-well-debuggable segfault as it tried to copy the whole 128-bit prefix into an IPv4-sized memory.
-rw-r--r--conf/confbase.Y11
-rw-r--r--conf/flowspec.Y2
2 files changed, 11 insertions, 2 deletions
diff --git a/conf/confbase.Y b/conf/confbase.Y
index 6985783b..5f45c507 100644
--- a/conf/confbase.Y
+++ b/conf/confbase.Y
@@ -110,7 +110,7 @@ CF_DECLS
%type <i> expr bool pxlen4
%type <time> expr_us time
%type <a> ipa
-%type <net> net_ip4_ net_ip6_ net_ip6 net_ip_ net_ip net_or_ipa
+%type <net> net_ip4_ net_ip4 net_ip6_ net_ip6 net_ip_ net_ip net_or_ipa
%type <net_ptr> net_ net_any net_vpn4_ net_vpn6_ net_vpn_ net_roa4_ net_roa6_ net_roa_ net_ip6_sadr_ net_mpls_
%type <mls> label_stack_start label_stack
@@ -303,6 +303,15 @@ net_:
/* Networks - regular */
+net_ip4:
+ net_ip4_
+ | CF_SYM_KNOWN {
+ if (($1->class != (SYM_CONSTANT | T_NET)) || (SYM_VAL($1).net->type != NET_IP4))
+ cf_error("IPv4 network constant expected");
+ $$ = * SYM_VAL($1).net;
+ }
+ ;
+
net_ip6:
net_ip6_
| CF_SYM_KNOWN {
diff --git a/conf/flowspec.Y b/conf/flowspec.Y
index 56a7c5dc..dbdbdda5 100644
--- a/conf/flowspec.Y
+++ b/conf/flowspec.Y
@@ -142,7 +142,7 @@ flow_frag_opts:
;
flow4_item:
- flow_srcdst net_ip {
+ flow_srcdst net_ip4 {
flow_builder_set_type(this_flow, $1);
flow_builder4_add_pfx(this_flow, (net_addr_ip4 *) &($2));
}