bgpd: mplsvpn SNMP correctly validate incoming rt_index

check that RT index is in the allowed range Signed-off-by: Pat Ruddy <pat@voltanet.io>
author: Pat Ruddy <pat@voltanet.io> 2021-02-14 11:39:50 +0000
committer: Pat Ruddy <pat@voltanet.io> 2021-02-17 13:33:58 +0000
commit: f01828a1d77ef8d4edd93b4c5f793c5a8f9a6e85 (patch)
tree: 622d3d0bcfeb3922a158c39751a707c0f4d212b5
parent: e0b3b43716bb97082c84b9d84dd088954021c2fd (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/bgpd/bgp_mplsvpn_snmp.c b/bgpd/bgp_mplsvpn_snmp.c
index 055bae8432..e8084924f5 100644
--- a/bgpd/bgp_mplsvpn_snmp.c
+++ b/bgpd/bgp_mplsvpn_snmp.c
@@ -1023,14 +1023,17 @@ static struct bgp *bgpL3vpnVrfRt_lookup(struct variable *v, oid name[],
 		*rt_type = name[namelen + vrf_name_len + sizeof(uint32_t)];
 	}
 
+	/* validate the RT index is in range */
+	if (*rt_index > AFI_IP6)
+		return NULL;
+
 	if (exact) {
 		l3vpn_bgp = bgp_lookup_by_name(vrf_name);
 		if (l3vpn_bgp && !is_bgp_vrf_mplsvpn(l3vpn_bgp))
 			return NULL;
 		if (!l3vpn_bgp)
 			return NULL;
-		/* check the index and type match up */
-		if ((*rt_index != AFI_IP) || (*rt_index != AFI_IP6))
+		if ((*rt_index != AFI_IP) && (*rt_index != AFI_IP6))
 			return NULL;
 		/* do we have RT config */
 		if (!(l3vpn_bgp->vpn_policy[*rt_index]
author	Pat Ruddy <pat@voltanet.io>	2021-02-14 11:39:50 +0000
committer	Pat Ruddy <pat@voltanet.io>	2021-02-17 13:33:58 +0000
commit	f01828a1d77ef8d4edd93b4c5f793c5a8f9a6e85 (patch)
tree	622d3d0bcfeb3922a158c39751a707c0f4d212b5
parent	e0b3b43716bb97082c84b9d84dd088954021c2fd (diff)