]> git.ipfire.org Git - thirdparty/FORT-validator.git/commitdiff
projects / thirdparty / FORT-validator.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 24c0fca)
Fix bug: ROAs ASN wasn't validated against the allowed advertising
authorpcarana <pc.moreno2099@gmail.com>
Wed, 3 Jul 2019 20:19:27 +0000 (15:19 -0500)
committerpcarana <pc.moreno2099@gmail.com>
Wed, 3 Jul 2019 20:32:30 +0000 (15:32 -0500)
src/object/roa.c patch | blob | blame | history

diff --git a/src/object/roa.c b/src/object/roa.c
index e971f5fb8998f24095f5973b79b77a71f47efaaa..566961ef3ceb8943c34545aec7fee318a2d649d8 100644 (file)
--- a/src/object/roa.c
+++ b/src/object/roa.c
@@ -66,6 +66,12 @@ ____handle_roa_v4(struct resources *parent, unsigned long asn,
                goto end_error;
        }
 
+       if (!resources_contains_asn(parent, asn)) {
+               error = pr_err("ROA is not allowed to advertise ASN %lu.",
+                   asn);
+               goto end_error;
+       }
+
        pr_debug_rm("}");
        return vhandler_handle_roa_v4(asn, &prefix, max_length);
 end_error:
@@ -120,6 +126,12 @@ ____handle_roa_v6(struct resources *parent, unsigned long asn,
                goto end_error;
        }
 
+       if (!resources_contains_asn(parent, asn)) {
+               error = pr_err("ROA is not allowed to advertise ASN %lu.",
+                   asn);
+               goto end_error;
+       }
+
        pr_debug_rm("}");
        return vhandler_handle_roa_v6(asn, &prefix, max_length);
 end_error:
Mirror of https://github.com/NICMx/FORT-validator.git