summaryrefslogtreecommitdiff
path: root/proto/rpki
diff options
context:
space:
mode:
authorMaria Matejka <mq@ucw.cz>2022-02-04 15:21:16 +0100
committerMaria Matejka <mq@ucw.cz>2022-02-04 15:21:16 +0100
commit92e48894c379862003efe0a752411751e298b54e (patch)
tree3e6c4b955ba4893ff066e4ebd70e5d1db867a81f /proto/rpki
parent28a43d53e7189524ad6312d04a5d12c90f27212d (diff)
parent75aceadaf746f8ed0acce0424f89903283dacf16 (diff)
Merge commit '75aceadaf746f8ed0acce0424f89903283dacf16' into sark-bgp-rebased
Diffstat (limited to 'proto/rpki')
-rw-r--r--proto/rpki/packets.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/proto/rpki/packets.c b/proto/rpki/packets.c
index abe6abfc..d7895a22 100644
--- a/proto/rpki/packets.c
+++ b/proto/rpki/packets.c
@@ -729,6 +729,33 @@ rpki_handle_prefix_pdu(struct rpki_cache *cache, const struct pdu_header *pdu)
net_addr_union addr = {};
rpki_prefix_pdu_2_net_addr(pdu, &addr);
+ if (type == IPV4_PREFIX)
+ {
+ if ((addr.roa4.pxlen > addr.roa4.max_pxlen) ||
+ (addr.roa4.max_pxlen > IP4_MAX_PREFIX_LENGTH))
+ {
+ RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid pxlen or max_pxlen");
+ byte tmp[pdu->len];
+ const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+ rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, "Corrupted PDU: invalid pxlen or max_pxlen");
+ rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+ return RPKI_ERROR;
+ }
+ }
+ else
+ {
+ if ((addr.roa6.pxlen > addr.roa6.max_pxlen) ||
+ (addr.roa6.max_pxlen > IP6_MAX_PREFIX_LENGTH))
+ {
+ RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid pxlen or max_pxlen");
+ byte tmp[pdu->len];
+ const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+ rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, "Corrupted PDU: invalid pxlen or max_pxlen");
+ rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+ return RPKI_ERROR;
+ }
+ }
+
if (cf->ignore_max_length)
{
if (type == IPV4_PREFIX)