diff options
author | Maria Matejka <mq@ucw.cz> | 2022-06-07 10:35:48 +0200 |
---|---|---|
committer | Maria Matejka <mq@ucw.cz> | 2022-06-07 10:38:32 +0200 |
commit | 141fb51f1a3c22c45025426775c00f66c06406a7 (patch) | |
tree | 346a8a2bdb9eb0a4edf5ac3272a5cca5ec3da465 | |
parent | ad686c55c3fad13f39e44ee5732c38296caff782 (diff) |
IPv4 flowspec literals should reject IPv6 prefices in a well-behaved way
When writing flow4 { dst 2001:db8::dead:beef/128; }, BIRD crashed on an
not-well-debuggable segfault as it tried to copy the whole 128-bit
prefix into an IPv4-sized memory.
-rw-r--r-- | conf/confbase.Y | 11 | ||||
-rw-r--r-- | conf/flowspec.Y | 2 |
2 files changed, 11 insertions, 2 deletions
diff --git a/conf/confbase.Y b/conf/confbase.Y index 6985783b..5f45c507 100644 --- a/conf/confbase.Y +++ b/conf/confbase.Y @@ -110,7 +110,7 @@ CF_DECLS %type <i> expr bool pxlen4 %type <time> expr_us time %type <a> ipa -%type <net> net_ip4_ net_ip6_ net_ip6 net_ip_ net_ip net_or_ipa +%type <net> net_ip4_ net_ip4 net_ip6_ net_ip6 net_ip_ net_ip net_or_ipa %type <net_ptr> net_ net_any net_vpn4_ net_vpn6_ net_vpn_ net_roa4_ net_roa6_ net_roa_ net_ip6_sadr_ net_mpls_ %type <mls> label_stack_start label_stack @@ -303,6 +303,15 @@ net_: /* Networks - regular */ +net_ip4: + net_ip4_ + | CF_SYM_KNOWN { + if (($1->class != (SYM_CONSTANT | T_NET)) || (SYM_VAL($1).net->type != NET_IP4)) + cf_error("IPv4 network constant expected"); + $$ = * SYM_VAL($1).net; + } + ; + net_ip6: net_ip6_ | CF_SYM_KNOWN { diff --git a/conf/flowspec.Y b/conf/flowspec.Y index 56a7c5dc..dbdbdda5 100644 --- a/conf/flowspec.Y +++ b/conf/flowspec.Y @@ -142,7 +142,7 @@ flow_frag_opts: ; flow4_item: - flow_srcdst net_ip { + flow_srcdst net_ip4 { flow_builder_set_type(this_flow, $1); flow_builder4_add_pfx(this_flow, (net_addr_ip4 *) &($2)); } |