On Sun, Nov 14, 2021 at 07:26:44PM +0100, Job Snijders wrote: > Ping :-)
Thanks, merged. Sorry for keeping it open for so long. btw, the original 2-condition patch was ok, because condition addr.roaX.pxlen <= IPX_MAX_PREFIX_LENGTH is deduced from transitivity. > On Fri, 17 Sep 2021 at 21:34, Job Snijders <[email protected]> wrote: > > > Hi, > > > > I've aligned the text that is locally logged with the encapsulated error > > message sent to the broken RPKI cache. Also fixed a compiler warning > > that snuck into my previous patch: now passing the correct pointer > > (hton_pdu) to rpki_send_error_pdu(). > > > > Kind regards, > > > > Job > > > > diff --git proto/rpki/packets.c proto/rpki/packets.c > > index dd11f997..7a1eeb0f 100644 > > --- proto/rpki/packets.c > > +++ proto/rpki/packets.c > > @@ -737,6 +737,30 @@ rpki_handle_prefix_pdu(struct rpki_cache *cache, > > const struct pdu_header *pdu) > > net_addr_union addr = {}; > > rpki_prefix_pdu_2_net_addr(pdu, &addr); > > > > + if (type == IPV4_PREFIX) { > > + if (addr.roa4.max_pxlen < addr.roa4.pxlen > > + || addr.roa4.max_pxlen > IP4_MAX_PREFIX_LENGTH > > + || addr.roa4.pxlen > IP4_MAX_PREFIX_LENGTH) { > > + RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache > > server: invalid pxlen or max_pxlen"); > > + byte tmp[pdu->len]; > > + const struct pdu_header *hton_pdu = > > rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu); > > + rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, > > "Corrupted PDU: invalid pxlen or max_pxlen"); > > + rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL); > > + return RPKI_ERROR; > > + } > > + } else { > > + if (addr.roa6.max_pxlen < addr.roa6.pxlen > > + || addr.roa6.max_pxlen > IP6_MAX_PREFIX_LENGTH > > + || addr.roa6.pxlen > IP6_MAX_PREFIX_LENGTH) { > > + RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache > > server: invalid pxlen or max_pxlen"); > > + byte tmp[pdu->len]; > > + const struct pdu_header *hton_pdu = > > rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu); > > + rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, > > "Corrupted PDU: invalid pxlen or max_pxlen"); > > + rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL); > > + return RPKI_ERROR; > > + } > > + } > > + > > if (cf->ignore_max_length) > > { > > if (type == IPV4_PREFIX) > > -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: [email protected]) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
