git: 61d771b63df6 - stable/13 - bridgestp: validate timer values in config BPDU

Kristof Provost kp at FreeBSD.org
Tue May 18 12:18:43 UTC 2021


The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=61d771b63df62e4e8764b187c1307a87933248ef

commit 61d771b63df62e4e8764b187c1307a87933248ef
Author:     Jonah Caplan <jcaplan at blackberry.com>
AuthorDate: 2021-04-15 09:28:42 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-05-18 10:00:38 +0000

    bridgestp: validate timer values in config BPDU
    
    IEEE Std 802.1D-2004 Section 17.14 defines permitted ranges for timers.
    Incoming BPDU messages should be checked against the permitted ranges.
    The rest of 17.14 appears to be enforced already.
    
    PR:             254924
    Reviewed by:    kp, donner
    Differential Revision:  https://reviews.freebsd.org/D29782
    
    (cherry picked from commit 0e4025bffa2bab3461b72b40d0b1468722ff76e6)
---
 sys/net/bridgestp.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sys/net/bridgestp.c b/sys/net/bridgestp.c
index 9e3a3e14ecda..cf182d2efe7b 100644
--- a/sys/net/bridgestp.c
+++ b/sys/net/bridgestp.c
@@ -597,6 +597,23 @@ bstp_received_bpdu(struct bstp_state *bs, struct bstp_port *bp,
 			return;
 	}
 
+	/* range checks */
+	if (cu->cu_message_age >= cu->cu_max_age) {
+		return;
+	}
+	if (cu->cu_max_age < BSTP_MIN_MAX_AGE ||
+	    cu->cu_max_age > BSTP_MAX_MAX_AGE) {
+		return;
+	}
+	if (cu->cu_forward_delay < BSTP_MIN_FORWARD_DELAY ||
+	    cu->cu_forward_delay > BSTP_MAX_FORWARD_DELAY) {
+		return;
+	}
+	if (cu->cu_hello_time < BSTP_MIN_HELLO_TIME ||
+	    cu->cu_hello_time > BSTP_MAX_HELLO_TIME) {
+		return;
+	}
+
 	type = bstp_pdu_rcvtype(bp, cu);
 
 	switch (type) {
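
Review bot: the four early returns in the new range-check block discard the config BPDU without any counter or log, so a neighbor sending out-of-range timers looks the same to an operator as one sending nothing. Consider bumping a per-port drop counter or emitting a rate-limited debug message before each `return;`. The `/* range checks */` comment could also cite IEEE Std 802.1D-2004 Section 17.14, as the commit message does, and state that the `BSTP_MIN_*`/`BSTP_MAX_*` constants use the same units as the `cu_` fields they are compared with, which this hunk does not show.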

