IPv4 flowspec literals should reject IPv6 prefices in a well-behaved way

When writing flow4 { dst 2001:db8::dead:beef/128; }, BIRD crashed on an
not-well-debuggable segfault as it tried to copy the whole 128-bit
prefix into an IPv4-sized memory.

diff --git a/conf/confbase.Y b/conf/confbase.Y
index 6985783b4531bf5ae23804a70210b80f4efaf176..5f45c5075e576c10dd7092d237636325b2059e05 100644 (file)
--- a/conf/confbase.Y
+++ b/conf/confbase.Y
@@ -110,7 +110,7 @@ CF_DECLS
 %type <i> expr bool pxlen4
 %type <time> expr_us time
 %type <a> ipa
-%type <net> net_ip4_ net_ip6_ net_ip6 net_ip_ net_ip net_or_ipa
+%type <net> net_ip4_ net_ip4 net_ip6_ net_ip6 net_ip_ net_ip net_or_ipa
 %type <net_ptr> net_ net_any net_vpn4_ net_vpn6_ net_vpn_ net_roa4_ net_roa6_ net_roa_ net_ip6_sadr_ net_mpls_
 %type <mls> label_stack_start label_stack
 
@@ -303,6 +303,15 @@ net_:
 
 /* Networks - regular */
 
+net_ip4:
+   net_ip4_
+ | CF_SYM_KNOWN {
+     if (($1->class != (SYM_CONSTANT | T_NET)) || (SYM_VAL($1).net->type != NET_IP4))
+       cf_error("IPv4 network constant expected");
+     $$ = * SYM_VAL($1).net;
+   }
+ ;
+
 net_ip6:
    net_ip6_
  | CF_SYM_KNOWN {

diff --git a/conf/flowspec.Y b/conf/flowspec.Y
index 56a7c5dcadea1db6f922ca31cfd86a8ef6662927..dbdbdda5921b8af76067c947516361cf7b61199c 100644 (file)
--- a/conf/flowspec.Y
+++ b/conf/flowspec.Y
@@ -142,7 +142,7 @@ flow_frag_opts:
  ;
 
 flow4_item:
-   flow_srcdst net_ip {
+   flow_srcdst net_ip4 {
      flow_builder_set_type(this_flow, $1);
      flow_builder4_add_pfx(this_flow, (net_addr_ip4 *) &($2));
    }