From 0ac9ac9b2561dceb430e96b2a7973a1a05ab61a0 Mon Sep 17 00:00:00 2001
From: FUJITA Tomonori <fujita.tomonori@gmail.com>
Date: Wed, 21 Oct 2020 09:18:22 +0900
Subject: packet: handle malformed prefix len

Signed-off-by: FUJITA Tomonori <fujita.tomonori@gmail.com>
---
 pkg/packet/bgp/bgp.go      |  5 +++++
 pkg/packet/bgp/bgp_test.go | 10 ++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/pkg/packet/bgp/bgp.go b/pkg/packet/bgp/bgp.go
index 0bb399b7..ee4feb09 100644
--- a/pkg/packet/bgp/bgp.go
+++ b/pkg/packet/bgp/bgp.go
@@ -1185,6 +1185,11 @@ func (r *IPAddrPrefixDefault) decodePrefix(data []byte, bitlen uint8, addrlen ui
 		eSubCode := uint8(BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST)
 		return NewMessageError(eCode, eSubCode, nil, "network bytes is short")
 	}
+	if bitlen > addrlen*8 {
+		eCode := uint8(BGP_ERROR_UPDATE_MESSAGE_ERROR)
+		eSubCode := uint8(BGP_ERROR_SUB_MALFORMED_ATTRIBUTE_LIST)
+		return NewMessageError(eCode, eSubCode, nil, "network bit length is too long")
+	}
 	b := make([]byte, addrlen)
 	copy(b, data[:bytelen])
 	// clear trailing bits in the last byte. rfc doesn't require
diff --git a/pkg/packet/bgp/bgp_test.go b/pkg/packet/bgp/bgp_test.go
index 2f4b4588..d821d072 100644
--- a/pkg/packet/bgp/bgp_test.go
+++ b/pkg/packet/bgp/bgp_test.go
@@ -84,6 +84,12 @@ func Test_IPAddrPrefixString(t *testing.T) {
 	assert.Equal(t, "3343:faba:3903:128::/63", ipv6.String())
 }
 
+func Test_IPAddrDecode(t *testing.T) {
+	r := IPAddrPrefixDefault{}
+	b := make([]byte, 16)
+	r.decodePrefix(b, 33, 4)
+}
+
 func Test_RouteTargetMembershipNLRIString(t *testing.T) {
 	assert := assert.New(t)
 
@@ -667,7 +673,7 @@ func Test_AddPath(t *testing.T) {
 		n1.SetPathLocalIdentifier(20)
 		bits, err := n1.Serialize(opt)
 		assert.Nil(err)
-		n2 := NewLabeledVPNIPAddrPrefix(0, "", MPLSLabelStack{}, nil)
+		n2 := NewLabeledVPNIPv6AddrPrefix(0, "", MPLSLabelStack{}, nil)
 		err = n2.DecodeFromBytes(bits, opt)
 		assert.Nil(err)
 		assert.Equal(n2.PathIdentifier(), uint32(20))
@@ -690,7 +696,7 @@ func Test_AddPath(t *testing.T) {
 		n1.SetPathLocalIdentifier(20)
 		bits, err := n1.Serialize(opt)
 		assert.Nil(err)
-		n2 := NewLabeledIPAddrPrefix(0, "", MPLSLabelStack{})
+		n2 := NewLabeledIPv6AddrPrefix(0, "", MPLSLabelStack{})
 		err = n2.DecodeFromBytes(bits, opt)
 		assert.Nil(err)
 		assert.Equal(n2.PathIdentifier(), uint32(20))
-- 
cgit v1.2.3