When a route-map configuration is used to set the nexthop to a value, make

sure that the value is acceptable. For example, if the route-map is setting
the IPv6 link-local nexthop, make sure the value is an IPv6 link-local
address.

diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c
index 2628daeb75e28e988edf8e001b9d72c8c4989e0c..fc0bb25a35bb57e58e9dec34d25192f0002d7864 100644 (file)
--- a/bgpd/bgp_routemap.c
+++ b/bgpd/bgp_routemap.c
@@ -3633,7 +3633,14 @@ DEFUN (set_ip_nexthop,
   ret = str2sockunion (argv[0], &su);
   if (ret < 0)
     {
-      vty_out (vty, "%% Malformed Next-hop address%s", VTY_NEWLINE);
+      vty_out (vty, "%% Malformed nexthop address%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
+  if (su.sin.sin_addr.s_addr == 0 ||
+      IPV4_CLASS_DE(su.sin.sin_addr.s_addr))
+    {
+      vty_out (vty, "%% nexthop address cannot be 0.0.0.0, multicast "
+               "or reserved%s", VTY_NEWLINE);
       return CMD_WARNING;
     }
  
@@ -4413,6 +4420,24 @@ DEFUN (set_ipv6_nexthop_global,
        "IPv6 global address\n"
        "IPv6 address of next hop\n")
 {
+  struct in6_addr addr;
+  int ret;
+
+  ret = inet_pton (AF_INET6, argv[0], &addr);
+  if (!ret)
+    {
+      vty_out (vty, "%% Malformed nexthop address%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
+  if (IN6_IS_ADDR_UNSPECIFIED(&addr) ||
+      IN6_IS_ADDR_LOOPBACK(&addr)    ||
+      IN6_IS_ADDR_MULTICAST(&addr)   ||
+      IN6_IS_ADDR_LINKLOCAL(&addr))
+    {
+      vty_out (vty, "%% Invalid global nexthop address%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
+
   return bgp_route_set_add (vty, vty->index, "ipv6 next-hop global", argv[0]);
 }
 
@@ -4450,6 +4475,21 @@ DEFUN (set_ipv6_nexthop_local,
        "IPv6 local address\n"
        "IPv6 address of next hop\n")
 {
+  struct in6_addr addr;
+  int ret;
+
+  ret = inet_pton (AF_INET6, argv[0], &addr);
+  if (!ret)
+    {
+      vty_out (vty, "%% Malformed nexthop address%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
+  if (!IN6_IS_ADDR_LINKLOCAL(&addr))
+    {
+      vty_out (vty, "%% Invalid link-local nexthop address%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
+
   return bgp_route_set_add (vty, vty->index, "ipv6 next-hop local", argv[0]);
 }
 

diff --git a/ripd/rip_routemap.c b/ripd/rip_routemap.c
index e04e43d487a758b2ffed1a90e1a862ea4c25841e..e7263ad7beb5dae5de814f1ad9acd4ca5a3ba716 100644 (file)
--- a/ripd/rip_routemap.c
+++ b/ripd/rip_routemap.c
@@ -1044,6 +1044,13 @@ DEFUN (set_ip_nexthop,
       vty_out (vty, "%% Malformed next-hop address%s", VTY_NEWLINE);
       return CMD_WARNING;
     }
+  if (su.sin.sin_addr.s_addr == 0 ||
+      IPV4_CLASS_DE(su.sin.sin_addr.s_addr))
+    {
+      vty_out (vty, "%% nexthop address cannot be 0.0.0.0, multicast "
+               "or reserved%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
 
   return rip_route_set_add (vty, vty->index, "ip next-hop", argv[0]);
 }

diff --git a/ripngd/ripng_routemap.c b/ripngd/ripng_routemap.c
index eae4566a606db675a79793d8fe6f2ceac9d5ab49..9bda2e260d1f0f743574485bd069cd5e55ea5e3f 100644 (file)
--- a/ripngd/ripng_routemap.c
+++ b/ripngd/ripng_routemap.c
@@ -645,6 +645,12 @@ DEFUN (set_ipv6_nexthop_local,
       return CMD_WARNING;
     }
 
+  if (!IN6_IS_ADDR_LINKLOCAL(&su.sin6.sin6_addr))
+    {
+      vty_out (vty, "%% Invalid link-local nexthop address%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
+
   return ripng_route_set_add (vty, vty->index, "ipv6 next-hop local", argv[0]);
 }