author | Sergey Elantsev <elantsev.s@yandex.ru> | 2021-01-23 22:56:17 +0300 |
---|---|---|
committer | Sergey Elantsev <elantsev.s@yandex.ru> | 2021-01-23 22:56:17 +0300 |
commit | 43c62634fdd8ff8e1deb2c20251bbc37718752aa (patch) | |
tree | 5a8ab02c2dd6582d4330826d36c0ccabd1218306 /pkg/packet/bgp/bgp.go | |
parent | c70d99cc913502714aedc847b88486b9d00503f2 (diff) |
fixed panics on parsing malicious bgp packets
Diffstat (limited to 'pkg/packet/bgp/bgp.go')
-rw-r--r-- | pkg/packet/bgp/bgp.go | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/pkg/packet/bgp/bgp.go b/pkg/packet/bgp/bgp.go
index 263d684a..c55c4681 100644
--- a/pkg/packet/bgp/bgp.go
+++ b/pkg/packet/bgp/bgp.go
@@ -1770,6 +1770,10 @@ func (l *LabeledVPNIPAddrPrefix) DecodeFromBytes(data []byte, options ...*Marsha
 }
 data = data[l.Labels.Len():]
 l.RD = GetRouteDistinguisher(data)
+ rdLen := l.RD.Len()
+ if len(data) < rdLen {
+ return NewMessageError(BGP_ERROR_UPDATE_MESSAGE_ERROR, BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST, nil, "bad labeled VPN-IPv4 NLRI length")
+ }
 data = data[l.RD.Len():]
 restbits := int(l.Length) - 8*(l.Labels.Len()+l.RD.Len())
 return l.decodePrefix(data, uint8(restbits), l.addrlen)
@@ -2130,6 +2134,9 @@ type EthernetSegmentIdentifier struct {
 }

 func (esi *EthernetSegmentIdentifier) DecodeFromBytes(data []byte) error {
+ if len(data) < 10 {
+ return NewMessageError(BGP_ERROR_UPDATE_MESSAGE_ERROR, BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST, nil, fmt.Sprintf("invalid %s length", esi.Type.String()))
+ }
 esi.Type = ESIType(data[0])
 esi.Value = data[1:10]
 switch esi.Type {
@@ -2376,6 +2383,10 @@ func (er *EVPNEthernetAutoDiscoveryRoute) Len() int {

 func (er *EVPNEthernetAutoDiscoveryRoute) DecodeFromBytes(data []byte) error {
 er.RD = GetRouteDistinguisher(data)
+ rdLen := er.RD.Len()
+ if len(data) < rdLen + 14 { // 14 is 10 for
+ return NewMessageError(BGP_ERROR_UPDATE_MESSAGE_ERROR, BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST, nil, "bad Ethernet Auto-discovery Route length")
+ }
 data = data[er.RD.Len():]
 err := er.ESI.DecodeFromBytes(data)
 if err != nil {
@@ -2476,6 +2487,10 @@ func (er *EVPNMacIPAdvertisementRoute) Len() int {

 func (er *EVPNMacIPAdvertisementRoute) DecodeFromBytes(data []byte) error {
 er.RD = GetRouteDistinguisher(data)
+ rdLen := er.RD.Len()
+ if len(data) < rdLen {
+ return NewMessageError(BGP_ERROR_UPDATE_MESSAGE_ERROR, BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST, nil, "bad length of MAC/IP Advertisement Route")
+ }
 data = data[er.RD.Len():]
 err := er.ESI.DecodeFromBytes(data)
 if err != nil {
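Review bot: In LabeledVPNIPAddrPrefix.DecodeFromBytes the new length check runs after `GetRouteDistinguisher(data)` has already been handed the unchecked slice, so if that helper indexes into `data` (its body is not part of this diff) a truncated NLRI can still panic before the guard is reached. The same ordering appears in the EVPNEthernetAutoDiscoveryRoute, EVPNMacIPAdvertisementRoute, EVPNMulticastEthernetTagRoute and EVPNEthernetSegmentRoute hunks. A minimum-length test placed before the call, or inside GetRouteDistinguisher itself, would close that gap. Separately, `restbits` goes negative when `l.Length` is smaller than the label and RD bits and is then cast with `uint8(restbits)`, so a `if restbits < 0 {` guard returning the same message error before `decodePrefix` looks warranted. The function begins above the hunk, so an earlier check may already cover part of this.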
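Review bot: The error text in EthernetSegmentIdentifier.DecodeFromBytes is built from `esi.Type.String()` before `esi.Type` is assigned from `data[0]`, so it reports whatever the receiver held earlier (normally the zero value) rather than anything about the rejected packet. A fixed message that carries the observed size, for example `fmt.Sprintf("invalid ESI length: %d", len(data))`, would be accurate and more useful when triaging malformed updates. The literal 10 is shared with `data[1:10]` here and with `data = data[10:]` in EVPNEthernetSegmentRoute, so a named constant would keep them in step. The switch that follows continues past the end of the hunk.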
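Review bot: The comment on the new guard in EVPNEthernetAutoDiscoveryRoute.DecodeFromBytes is cut off (`// 14 is 10 for`), so a reader cannot tell what the 14 bytes account for. If it is the 10-byte ESI plus a 4-byte Ethernet tag, say so with `// 14 = 10-byte ESI + 4-byte Ethernet tag`; the reads that would confirm this lie below the hunk, so please also check whether anything consumed after the tag needs to be counted. `rdLen + 14` is not gofmt-clean (gofmt writes `rdLen+14`), and `data = data[er.RD.Len():]` can reuse `rdLen`, here and in the other decoders that compute it.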
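Review bot: The guard in EVPNMacIPAdvertisementRoute.DecodeFromBytes only requires `rdLen` bytes, whereas the Auto-discovery decoder in this same commit requires `rdLen + 14`. The ESI itself is covered, because `er.ESI.DecodeFromBytes` now validates its own 10 bytes and its error is checked, but whatever is read after the ESI is outside the hunk and is not protected by this check. Either each fixed-width read below should be preceded by a length test, or the minimum route length should be checked once here. A doc comment listing the expected field layout and sizes would make that minimum verifiable.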
@@ -2628,6 +2643,10 @@ func (er *EVPNMulticastEthernetTagRoute) Len() int {

 func (er *EVPNMulticastEthernetTagRoute) DecodeFromBytes(data []byte) error {
 er.RD = GetRouteDistinguisher(data)
+ rdLen := er.RD.Len()
+ if len(data) < rdLen + 4 {
+ return NewMessageError(BGP_ERROR_UPDATE_MESSAGE_ERROR, BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST, nil, "invalid length of multicast ethernet tag route")
+ }
 data = data[er.RD.Len():]
 er.ETag = binary.BigEndian.Uint32(data[0:4])
 er.IPAddressLength = data[4]
@@ -2722,6 +2741,10 @@ func (er *EVPNEthernetSegmentRoute) Len() int {

 func (er *EVPNEthernetSegmentRoute) DecodeFromBytes(data []byte) error {
 er.RD = GetRouteDistinguisher(data)
+ rdLen := er.RD.Len()
+ if len(data) < rdLen {
+ return NewMessageError(BGP_ERROR_UPDATE_MESSAGE_ERROR, BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST, nil, "invalid Ethernet Segment Route length")
+ }
 data = data[er.RD.Len():]
 er.ESI.DecodeFromBytes(data)
 data = data[10:]
@@ -4387,6 +4410,9 @@ func (n *FlowSpecNLRI) decodeFromBytes(rf RouteFamily, data []byte, options ...*
 } else {
 return NewMessageError(BGP_ERROR_UPDATE_MESSAGE_ERROR, BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST, nil, "not all flowspec component bytes available")
 }
+ if len(data) < length {
+ return NewMessageError(BGP_ERROR_UPDATE_MESSAGE_ERROR, BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST, nil, "not all flowspec component bytes available")
+ }

 n.rf = rf |
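Review bot: The guard in EVPNMulticastEthernetTagRoute.DecodeFromBytes is one byte short: once the RD is skipped the code reads `data[0:4]` and then `data[4]`, which needs five bytes, but `len(data) < rdLen + 4` lets a buffer with exactly four remaining bytes through and `er.IPAddressLength = data[4]` still panics. The condition should be `if len(data) < rdLen+5 {`. The address bytes selected by `IPAddressLength` are presumably consumed below the hunk; please confirm they are checked against the remaining length as well.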
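Review bot: EVPNEthernetSegmentRoute.DecodeFromBytes still discards the result of `er.ESI.DecodeFromBytes(data)`, so when fewer than 10 bytes follow the RD the ESI decoder now returns an error that is ignored, and the next line, `data = data[10:]`, panics anyway. Check it the way the Auto-discovery and MAC/IP decoders do: `if err := er.ESI.DecodeFromBytes(data); err != nil { return err }`. The rest of the function is outside the hunk, so the reads after the ESI could not be reviewed here.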
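Review bot: The new check in FlowSpecNLRI.decodeFromBytes returns the same text, "not all flowspec component bytes available", as the `else` branch directly above it, so a log line cannot tell which condition rejected the NLRI. Including the numbers distinguishes the two paths and helps when investigating malformed updates: `fmt.Sprintf("flowspec NLRI length %d exceeds %d available bytes", length, len(data))`. `length` is computed above the hunk, so how it is derived from the wire could not be checked here.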