author | Eiichrio Watanabe <a16tochjp@gmail.com> | 2017-01-12 00:12:22 +0900 |
---|---|---|
committer | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2017-01-15 06:35:53 -0800 |
commit | 232eb9cb650b1e8b372004ac4046d88d202e85f1 (patch) | |
tree | 213165d17048a574d3ff8402003824a61197b434 /server | |
parent | 26536fdcea869e6f842ef3b19b04cc16f79f2b0c (diff) |
Fix incorrect validation logic (thanks @ishidawataru)
Diffstat (limited to 'server')
-rw-r--r-- | server/rpki.go | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/server/rpki.go b/server/rpki.go
index 3d54b8c0..ae5e900a 100644
--- a/server/rpki.go
+++ b/server/rpki.go
@@ -513,21 +513,25 @@ func validatePath(ownAs uint32, tree *radix.Tree, cidr string, asPath *bgp.PathA
 _, n, _ := net.ParseCIDR(cidr)
 ones, _ := n.Mask.Size()
 prefixLen := uint8(ones)
- _, b, _ := tree.LongestPrefix(table.IpToRadixkey(n.IP, prefixLen))
+ key := table.IpToRadixkey(n.IP, prefixLen)
+ _, b, _ := tree.LongestPrefix(key)
 if b == nil {
 return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND
 }
- bucket, _ := b.(*roaBucket)
- for _, r := range bucket.entries {
- if prefixLen > r.MaxLen {
- continue
- }
- if r.AS == as {
- return config.RPKI_VALIDATION_RESULT_TYPE_VALID
+ result := config.RPKI_VALIDATION_RESULT_TYPE_INVALID
+ fn := radix.WalkFn(func(k string, v interface{}) bool {
+ bucket, _ := v.(*roaBucket)
+ for _, r := range bucket.entries {
+ if prefixLen <= r.MaxLen && r.AS != 0 && r.AS == as {
+ result = config.RPKI_VALIDATION_RESULT_TYPE_VALID
+ return true
+ }
 }
- }
- return config.RPKI_VALIDATION_RESULT_TYPE_INVALID
+ return false
+ })
+ tree.WalkPath(key, fn)
+ return result
 }
 func (c *roaManager) validate(pathList []*table.Path) { |
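Review bot: The new walk callback in validatePath discards the type-assertion result in `bucket, _ := v.(*roaBucket)`, so any tree value of another type leaves `bucket` nil and the `bucket.entries` read on the next line panics inside the RPKI validation path. Using `bucket, ok := v.(*roaBucket)` followed by `if !ok { return false }` would skip such a node instead of crashing. The closure also deserves a comment explaining why every covering prefix is visited and why AS 0 is excluded, for example `// RFC 6811: any covering ROA with a matching origin AS and sufficient MaxLen validates the route; an AS 0 ROA never does.`, plus a note that returning true stops the walk. The context line `_, n, _ := net.ParseCIDR(cidr)` drops the parse error, so a malformed `cidr` would nil-dereference at `n.Mask`. The function starts above this hunk, so how `as` is derived and whether `cidr` is pre-validated cannot be confirmed from here.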