From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 1 Mar 2023 22:56:47 +0000 (-0500)
Subject: do bounds checks on fields
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6789dac3a80b6d30861a15b9bfeecf18be50e260;p=thirdparty%2Ffreeradius-server.git

do bounds checks on fields
---

diff --git a/src/listen/bfd/proto_bfd.c b/src/listen/bfd/proto_bfd.c
index 8a3d4ceacee..b97e6f019d2 100644
--- a/src/listen/bfd/proto_bfd.c
+++ b/src/listen/bfd/proto_bfd.c
@@ -432,6 +432,7 @@ static int mod_bootstrap(module_inst_ctx_t const *mctx)
 
 		while ((cs = cf_section_find_next(server, cs, "peer", CF_IDENT_ANY))) {
 			fr_client_t *c;
+			proto_bfd_peer_t *peer;
 
 			if (cf_section_rules_push(cs, peer_config) < 0) return -1;
 
@@ -443,6 +444,22 @@ static int mod_bootstrap(module_inst_ctx_t const *mctx)
 				return -1;
 			}
 
+			if (c->proto != IPPROTO_UDP) {
+				cf_log_err(cs, "Peer must use 'proto = udp' in %s", cf_section_name2(cs));
+				goto error;
+			}
+
+			peer = (proto_bfd_peer_t *) c;
+
+			FR_TIME_DELTA_BOUND_CHECK("peer.min_transmit_interval", peer->min_transmit_interval, >=, fr_time_delta_from_usec(30));
+			FR_TIME_DELTA_BOUND_CHECK("peer.min_transmit_interval", peer->min_transmit_interval, <=, fr_time_delta_from_sec(2));
+
+			FR_TIME_DELTA_BOUND_CHECK("peer.min_recieve_interval", peer->min_transmit_interval, >=, fr_time_delta_from_usec(30));
+			FR_TIME_DELTA_BOUND_CHECK("peer.min_received_interval", peer->min_transmit_interval, <=, fr_time_delta_from_sec(2));
+
+			FR_INTEGER_BOUND_CHECK("peer.max_timeouts", peer->max_timeouts, >=, 1);
+			FR_INTEGER_BOUND_CHECK("peer.max_timeouts", peer->max_timeouts, <=, 10);
+
 			if (!client_add(inst->peers, c)) {
 				cf_log_err(cs, "Failed to add peer %s", cf_section_name2(cs));
 				goto error;