lib: add a few more sanity checks when encoding/decoding routes

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>

diff --git a/lib/zclient.c b/lib/zclient.c
index 1c40750db07e1bf56f96ccceb36ddcd0a98433b2..a6210e396322639b6fb2d7700fe0855aef388bce 100644 (file)
--- a/lib/zclient.c
+++ b/lib/zclient.c
@@ -749,10 +749,24 @@ int zapi_route_encode(uint8_t cmd, struct stream *s, struct zapi_route *api)
        stream_reset(s);
        zclient_create_header(s, cmd, api->vrf_id);
 
+       if (api->type >= ZEBRA_ROUTE_MAX) {
+               flog_err(EC_LIB_ZAPI_ENCODE,
+                        "%s: Specified route type (%u) is not a legal value\n",
+                        __PRETTY_FUNCTION__, api->type);
+               return -1;
+       }
        stream_putc(s, api->type);
+
        stream_putw(s, api->instance);
        stream_putl(s, api->flags);
        stream_putc(s, api->message);
+
+       if (api->safi < SAFI_UNICAST || api->safi >= SAFI_MAX) {
+               flog_err(EC_LIB_ZAPI_ENCODE,
+                        "%s: Specified route SAFI (%u) is not a legal value\n",
+                        __PRETTY_FUNCTION__, api->safi);
+               return -1;
+       }
        stream_putc(s, api->safi);
 
        /* Put prefix information. */
@@ -868,7 +882,7 @@ int zapi_route_decode(struct stream *s, struct zapi_route *api)
 
        /* Type, flags, message. */
        STREAM_GETC(s, api->type);
-       if (api->type > ZEBRA_ROUTE_MAX) {
+       if (api->type >= ZEBRA_ROUTE_MAX) {
                flog_err(EC_LIB_ZAPI_ENCODE,
                         "%s: Specified route type: %d is not a legal value\n",
                         __PRETTY_FUNCTION__, api->type);
@@ -879,6 +893,12 @@ int zapi_route_decode(struct stream *s, struct zapi_route *api)
        STREAM_GETL(s, api->flags);
        STREAM_GETC(s, api->message);
        STREAM_GETC(s, api->safi);
+       if (api->safi < SAFI_UNICAST || api->safi >= SAFI_MAX) {
+               flog_err(EC_LIB_ZAPI_ENCODE,
+                        "%s: Specified route SAFI (%u) is not a legal value\n",
+                        __PRETTY_FUNCTION__, api->safi);
+               return -1;
+       }
 
        /* Prefix. */
        STREAM_GETC(s, api->prefix.family);

diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
index faa0eb90e4c300bf0a024c2e5e902aa5c979bac8..8fe7031abe0a6cf3a4e1a445d3e20b770143b49b 100644 (file)
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@@ -530,6 +530,7 @@ int zsend_redistribute_route(int cmd, struct zserv *client,
        memset(&api, 0, sizeof(api));
        api.vrf_id = re->vrf_id;
        api.type = re->type;
+       api.safi = SAFI_UNICAST;
        api.instance = re->instance;
        api.flags = re->flags;