From b78080dbe5e62dfd4eb31fe2b4a20123889d65aa Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Wed, 1 Mar 2023 16:20:53 -0500
Subject: [PATCH] more sanity checks on values

---
 src/protocols/bfd/decode.c | 39 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/src/protocols/bfd/decode.c b/src/protocols/bfd/decode.c
index 45465708488..6d904f8e5d2 100644
--- a/src/protocols/bfd/decode.c
+++ b/src/protocols/bfd/decode.c
@@ -115,10 +115,47 @@ static ssize_t fr_bfd_decode_proto(TALLOC_CTX *ctx, fr_pair_list_t *out,
 packet = (bfd_packet_t const *) data;

 if (packet->length > data_len) {
- fr_strerror_const("Packet.lenth is larger than received data");
+ fr_strerror_const("Packet.length is larger than received data");
 return -1;
 }

+ if (packet->length < FR_BFD_HEADER_LENGTH) {
+ fr_strerror_const("Packet.length is smaller then BFD header size");
+ return -1;
+ }
+
+ if (packet->version != 1) {
+ fr_strerror_const("Packet.version has invalid value");
+ return -1;
+ }
+
+ if (packet->detect_multi == 0) {
+ fr_strerror_const("Packet.detect-multi has invalid value zero");
+ return -1;
+ }
+
+ if (packet->detect_multi == 0) {
+ fr_strerror_const("Packet.detect-multi has invalid value zero");
+ return -1;
+ }
+
+ if (packet->multipoint != 0) {
+ fr_strerror_const("Packet.multipoint has invalid non-zero value");
+ return -1;
+ }
+
+ if (packet->my_disc == 0) {
+ fr_strerror_const("Packet.my-discriminator has invalid value zero");
+ return -1;
+ }
+
+ if ((packet->your_disc == 0) &&
+ !((packet->state == BFD_STATE_DOWN) ||
+ (packet->state == BFD_STATE_ADMIN_DOWN))) {
+ fr_strerror_const("Packet has invalid values for your-discriminator and state");
+ return 0;
+ }
+
 /*
 * Get the packet type.
 */
-- 
2.47.3
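Review bot: The last added check (your-discriminator zero while state is neither Down nor AdminDown) sets an error string but ends with `return 0;`, whereas every other rejection in this hunk returns -1; unless the caller treats 0 as a failure, which is not visible here, this malformed packet is not rejected like the others, so the line should be `return -1;`. The `packet->detect_multi == 0` block appears twice in a row, so the second copy is unreachable and should be dropped, or replaced if a different field was intended. The new message "Packet.length is smaller then BFD header size" should read "than". The body of fr_bfd_decode_proto starts and ends outside the hunk, so whether `data_len` is compared with the header size before `packet->length` is read cannot be confirmed from these lines.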