ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

VPP-1481: fixed tlv length checking & added tests

Browse Source 
Change-Id: I9375bca5f5136c84d801dbd635929bb1c37d75b4
Signed-off-by: Filip Varga <filip.varga@pantheon.tech>
This commit is contained in:
Filip Varga
2018-11-05 09:41:56 +01:00
committed by Damjan Marion
parent 55c6c4a422
commit 3206bb15aa
2 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/plugins/cdp/cdp_input.c
View File

@ -93,8 +93,11 @@ format_text_tlv (u8 * s, va_list * va)
s = format (s, "%s(%d): ", h->name, t->t); s = format (s, "%s(%d): ", h->name, t->t);
for (i = 0; i < (t->l - sizeof (*t)); i++) if (t->l >= 4)
vec_add1 (s, t->v[i]); {
for (i = 0; i < (t->l - sizeof (*t)); i++)
vec_add1 (s, t->v[i]);
}
vec_add1 (s, '\n'); vec_add1 (s, '\n');
return s; return s;
@ -284,9 +287,14 @@ cdp_packet_scan (cdp_main_t * cm, cdp_neighbor_t * n)
tlv->l = ntohs (tlv->l); tlv->l = ntohs (tlv->l);
/* tlv length includes t, l and v */ /* tlv length includes t, l and v */
if (tlv->l < 4)
return CDP_ERROR_BAD_TLV;
cur += tlv->l; cur += tlv->l;
if ((cur - 1) > end) if ((cur - 1) > end)
return CDP_ERROR_BAD_TLV; return CDP_ERROR_BAD_TLV;
/* /*
* Only process known TLVs. In practice, certain * Only process known TLVs. In practice, certain
* devices send tlv->t = 0xFF, perhaps as an EOF of sorts. * devices send tlv->t = 0xFF, perhaps as an EOF of sorts.

12
test/test_cdp.py
View File

@ -91,9 +91,15 @@ class TestCDP(VppTestCase):
self.assert_equal(system, self.device_id, self.assert_equal(system, self.device_id,
"CDP received invalid device id") "CDP received invalid device id")
def test_send_cdp_bad_packet(self): def test_cdp_underflow_tlv(self):
self.send_bad_packet(3, ".")
def test_cdp_overflow_tlv(self):
self.send_bad_packet(8, ".")
def send_bad_packet(self, l, v):
self.logger.info(self.vapi.cli("cdp enable")) self.logger.info(self.vapi.cli("cdp enable"))
self.send_packet(self.create_bad_packet(8, ".")) self.send_packet(self.create_bad_packet(l, v))
errors = list(self.show_errors()) errors = list(self.show_errors())
self.assertTrue(errors) self.assertTrue(errors)
@ -102,7 +108,7 @@ class TestCDP(VppTestCase):
for count, node, reason in errors: for count, node, reason in errors:
if (node == u'cdp-input' and if (node == u'cdp-input' and
reason == u'cdp packets with bad TLVs' and reason == u'cdp packets with bad TLVs' and
int(count) == 1): int(count) >= 1):
expected_errors = True expected_errors = True
break break