From: Donald Sharp Date: Thu, 11 Jun 2015 16:19:59 +0000 (-0700) Subject: When a route-map configuration is used to set the nexthop to a value, make X-Git-Tag: frr-2.0-rc1~1343 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=bf8b3d27623615c3b2a82d9f4867c70c8071a9be;p=matthieu%2Ffrr.git When a route-map configuration is used to set the nexthop to a value, make sure that the value is acceptable. For example, if the route-map is setting the IPv6 link-local nexthop, make sure the value is an IPv6 link-local address. --- diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c index 2628daeb75..fc0bb25a35 100644 --- a/bgpd/bgp_routemap.c +++ b/bgpd/bgp_routemap.c @@ -3633,7 +3633,14 @@ DEFUN (set_ip_nexthop, ret = str2sockunion (argv[0], &su); if (ret < 0) { - vty_out (vty, "%% Malformed Next-hop address%s", VTY_NEWLINE); + vty_out (vty, "%% Malformed nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + if (su.sin.sin_addr.s_addr == 0 || + IPV4_CLASS_DE(su.sin.sin_addr.s_addr)) + { + vty_out (vty, "%% nexthop address cannot be 0.0.0.0, multicast " + "or reserved%s", VTY_NEWLINE); return CMD_WARNING; } @@ -4413,6 +4420,24 @@ DEFUN (set_ipv6_nexthop_global, "IPv6 global address\n" "IPv6 address of next hop\n") { + struct in6_addr addr; + int ret; + + ret = inet_pton (AF_INET6, argv[0], &addr); + if (!ret) + { + vty_out (vty, "%% Malformed nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + if (IN6_IS_ADDR_UNSPECIFIED(&addr) || + IN6_IS_ADDR_LOOPBACK(&addr) || + IN6_IS_ADDR_MULTICAST(&addr) || + IN6_IS_ADDR_LINKLOCAL(&addr)) + { + vty_out (vty, "%% Invalid global nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + return bgp_route_set_add (vty, vty->index, "ipv6 next-hop global", argv[0]); } @@ -4450,6 +4475,21 @@ DEFUN (set_ipv6_nexthop_local, "IPv6 local address\n" "IPv6 address of next hop\n") { + struct in6_addr addr; + int ret; + + ret = inet_pton (AF_INET6, argv[0], &addr); + if (!ret) + { + vty_out (vty, "%% Malformed nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + if (!IN6_IS_ADDR_LINKLOCAL(&addr)) + { + vty_out (vty, "%% Invalid link-local nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + return bgp_route_set_add (vty, vty->index, "ipv6 next-hop local", argv[0]); } diff --git a/ripd/rip_routemap.c b/ripd/rip_routemap.c index e04e43d487..e7263ad7be 100644 --- a/ripd/rip_routemap.c +++ b/ripd/rip_routemap.c @@ -1044,6 +1044,13 @@ DEFUN (set_ip_nexthop, vty_out (vty, "%% Malformed next-hop address%s", VTY_NEWLINE); return CMD_WARNING; } + if (su.sin.sin_addr.s_addr == 0 || + IPV4_CLASS_DE(su.sin.sin_addr.s_addr)) + { + vty_out (vty, "%% nexthop address cannot be 0.0.0.0, multicast " + "or reserved%s", VTY_NEWLINE); + return CMD_WARNING; + } return rip_route_set_add (vty, vty->index, "ip next-hop", argv[0]); } diff --git a/ripngd/ripng_routemap.c b/ripngd/ripng_routemap.c index eae4566a60..9bda2e260d 100644 --- a/ripngd/ripng_routemap.c +++ b/ripngd/ripng_routemap.c @@ -645,6 +645,12 @@ DEFUN (set_ipv6_nexthop_local, return CMD_WARNING; } + if (!IN6_IS_ADDR_LINKLOCAL(&su.sin6.sin6_addr)) + { + vty_out (vty, "%% Invalid link-local nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + return ripng_route_set_add (vty, vty->index, "ipv6 next-hop local", argv[0]); }