diff options
author | Job Snijders <job@fastly.com> | 2021-12-18 16:35:28 +0100 |
---|---|---|
committer | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2021-12-18 16:35:28 +0100 |
commit | b9f38727a7ba7c9c7e383ade80dbf77086dfce05 (patch) | |
tree | c2017a6866e927561fec65b1bfb6c6f646d5f9ca /proto/bgp | |
parent | 00410fd6c17697a5919cb32a44f7117dd3a0834a (diff) |
RPKI: Add contextual out-of-bound checks in RTR Prefix PDU handler
RFC 6810 and RFC 8210 specify that the "Max Length" value MUST NOT be
less than the Prefix Length element (underflow). On the other side,
overflow of the Max Length element also is possible, it being an 8-bit
unsigned integer allows for values larger than 32 or 128. This also
implicitly ensures there is no overflow of "Length" value.
When a PDU is received where the Max Length field is corrputed, the RTR
client (BIRD) should immediately terminate the session, flush all data
learned from that cache, and log an error for the operator.
Minor changes done by commiter.
Diffstat (limited to 'proto/bgp')
0 files changed, 0 insertions, 0 deletions