Add verification for MP_REACH_NLRI nexthop address length field

Change-Id: I86571dba9948e9a91e59b01ed690d6e6a514aa49 Closes-Bug: 1517210
Juniper · Nov 17, 2015 · 12da02f · 12da02f
1 parent 2b57fac
commit 12da02f
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 12 deletions.
diff --git a/src/bgp/bgp_proto.cc b/src/bgp/bgp_proto.cc
@@ -1149,6 +1149,29 @@ class BgpPathAttributeMpNlriNextHopLength :
 public:
     static const int kSize = 1;
     typedef int SequenceLength;
+    static bool Verifier(const BgpMpNlri *obj, const uint8_t *data, size_t size,
+                         ParseContext *context) {
+        uint8_t len = data[0];
+        uint16_t afi = obj->afi;
+        uint8_t safi = obj->safi;
+        if (afi == BgpAf::IPv4 && safi == BgpAf::Unicast) {
+            return (len == Address::kMaxV4Bytes);
+        } else if (afi == BgpAf::IPv4 && safi == BgpAf::Vpn) {
+            return (len == RouteDistinguisher::kSize + Address::kMaxV4Bytes);
+        } else if (afi == BgpAf::IPv6 && safi == BgpAf::Unicast) {
+            return (len == Address::kMaxV6Bytes ||
+                len == 2 * Address::kMaxV6Bytes);
+        } else if (afi == BgpAf::IPv6 && safi == BgpAf::Vpn) {
+            return (len == RouteDistinguisher::kSize + Address::kMaxV6Bytes);
+        } else if (afi == BgpAf::L2Vpn && safi == BgpAf::EVpn) {
+            return (len == Address::kMaxV4Bytes);
+        } else if (afi == BgpAf::IPv4 && safi == BgpAf::RTarget) {
+            return (len == Address::kMaxV4Bytes);
+        } else if (afi == BgpAf::IPv4 && safi == BgpAf::ErmVpn) {
+            return (len == Address::kMaxV4Bytes);
+        }
+        return false;
+    }
 };
 
 

diff --git a/src/bgp/test/bgp_message_test.h b/src/bgp/test/bgp_message_test.h
@@ -6,6 +6,7 @@
 #define BGP_MESSAGE_TEST_H_
 
 using namespace std;
+
 class BgpMessageTest {
 public:
     static void GenerateOpenMessage(BgpProto::OpenMessage *open) {
@@ -80,8 +81,15 @@ class BgpMessageTest {
         BgpMpNlri *mp_nlri = new BgpMpNlri(BgpAttribute::MPReachNlri);
         mp_nlri->afi = afi;
         mp_nlri->safi = safi;
-        uint8_t nh[3] = {192,168,1};
-        mp_nlri->nexthop.assign(&nh[0], &nh[3]);
+        uint8_t nh[4] = {192,168,1,1};
+        if (afi == BgpAf::IPv4 && safi == BgpAf::Vpn) {
+            mp_nlri->nexthop.resize(12);
+            copy(&nh[0], &nh[4], mp_nlri->nexthop.begin() + 8);
+        } else {
+            mp_nlri->nexthop.resize(4);
+            copy(&nh[0], &nh[4], mp_nlri->nexthop.begin());
+        }
+
         prefix = new BgpProtoPrefix;
         if (afi == BgpAf::L2Vpn && safi == BgpAf::EVpn) {
             prefix->type = 2;

diff --git a/src/bgp/test/bgp_proto_test.cc b/src/bgp/test/bgp_proto_test.cc
@@ -143,7 +143,7 @@ class BuildUpdateMessage {
         mp_nlri->code = BgpAttribute::MPReachNlri;
         mp_nlri->afi = 1;
         mp_nlri->safi = 128;
-        for (int nh_len = rand() % 12; nh_len > 0; nh_len--) {
+        for (int nh_len = 12; nh_len > 0; nh_len--) {
             mp_nlri->nexthop.push_back((char)rand());
         }
         int len = rand() % kMaxRoutes;
@@ -537,19 +537,20 @@ TEST_F(BgpProtoTest, OpenError) {
 TEST_F(BgpProtoTest, UpdateError) {
     uint8_t data[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-                       0x00, 0x72, 0x02, 0x00, 0x07, 0x09, 0x01, 0x02,
-                       0x14, 0x01, 0x02, 0x03, 0x00, 0x4f, 0x10, 0x01,
+                       0x00, 0x7b, 0x02, 0x00, 0x07, 0x09, 0x01, 0x02,
+                       0x14, 0x01, 0x02, 0x03, 0x00, 0x58, 0x10, 0x01,
                        0x00, 0x01, 0x02, 0x40, 0x03, 0x04, 0xab, 0xcd,
                        0xef, 0x01, 0x40, 0x06, 0x00, 0xc0, 0x07, 0x06,
                        0xfa, 0xce, 0xca, 0xfe, 0xba, 0xbe, 0x40, 0x02,
                        0x08, 0x01, 0x03, 0x00, 0x14, 0x00, 0x15, 0x00,
                        0x16, 0xc0, 0x08, 0x04, 0x87, 0x65, 0x43, 0x21,
-                       0x90, 0x0e, 0x00, 0x0c, 0x00, 0x01, 0x80, 0x03,
-                       0x61, 0x62, 0x64, 0x00, 0x14, 0x01, 0x02, 0x03,
-                       0x90, 0x0f, 0x00, 0x06, 0x00, 0x01, 0x80, 0x09,
-                       0x01, 0x02, 0xc0, 0x10, 0x08, 0x10, 0x20, 0x30,
-                       0x40, 0x50, 0x60, 0x70, 0x80, 0x04, 0x01, 0x0a,
-                       0x01, 0x02 };
+                       0x90, 0x0e, 0x00, 0x15, 0x00, 0x01, 0x80, 0x0c,
+                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                       0x61, 0x62, 0x63, 0x64, 0x00, 0x14, 0x01, 0x02,
+                       0x03, 0x90, 0x0f, 0x00, 0x06, 0x00, 0x01, 0x80,
+                       0x09, 0x01, 0x02, 0xc0, 0x10, 0x08, 0x10, 0x20,
+                       0x30, 0x40, 0x50, 0x60, 0x70, 0x80, 0x04, 0x01,
+                       0x0a, 0x01, 0x02 };
     // withdrawn routes error
     data[19] = 0xff;
     ParseAndVerifyError(data, sizeof(data), BgpProto::Notification::UpdateMsgErr,
@@ -722,7 +723,8 @@ TEST_F(BgpProtoTest, UpdateScale) {
     mp_nlri->afi = 1;
     mp_nlri->safi = 128;
     uint8_t nh[4] = {192,168,1,1};
-    mp_nlri->nexthop.assign(&nh[0], &nh[4]);
+    mp_nlri->nexthop.resize(12);
+    copy(&nh[0], &nh[4], mp_nlri->nexthop.begin() + 8);
     for (int i = 0; i < kMaxRoutes; i++) {
         BgpProtoPrefix *prefix = new BgpProtoPrefix;
         int len = rand() % 12;