From: pcarana <pc.moreno2099@gmail.com>
Date: Wed, 3 Jul 2019 20:19:27 +0000 (-0500)
Subject: Fix bug: ROAs ASN wasn't validated against the allowed advertising
X-Git-Tag: v1.1.0~1^2~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9f07ee2;p=thirdparty%2FFORT-validator.git

Fix bug: ROAs ASN wasn't validated against the allowed advertising
---

diff --git a/src/object/roa.c b/src/object/roa.c
index e971f5fb..566961ef 100644
--- a/src/object/roa.c
+++ b/src/object/roa.c
@@ -66,6 +66,12 @@ ____handle_roa_v4(struct resources *parent, unsigned long asn,
 		goto end_error;
 	}
 
+	if (!resources_contains_asn(parent, asn)) {
+		error = pr_err("ROA is not allowed to advertise ASN %lu.",
+		    asn);
+		goto end_error;
+	}
+
 	pr_debug_rm("}");
 	return vhandler_handle_roa_v4(asn, &prefix, max_length);
 end_error:
@@ -120,6 +126,12 @@ ____handle_roa_v6(struct resources *parent, unsigned long asn,
 		goto end_error;
 	}
 
+	if (!resources_contains_asn(parent, asn)) {
+		error = pr_err("ROA is not allowed to advertise ASN %lu.",
+		    asn);
+		goto end_error;
+	}
+
 	pr_debug_rm("}");
 	return vhandler_handle_roa_v6(asn, &prefix, max_length);
 end_error: