From 720f581e47180b28cb8e5ac1c56c38e50b5aef09 Mon Sep 17 00:00:00 2001
From: Pim van Pelt
Date: Sun, 3 Apr 2022 14:40:44 +0000
Subject: [PATCH] Do bounds checking on the BondEthernet and VXLAN Tunnel instances
---
config/bondethernet.py | 4 ++++
config/vxlan_tunnel.py | 5 +++++
unittest/yaml/error-bondethernet7.yaml | 29 ++++++++++++++++++++++++++
unittest/yaml/error-vxlan3.yaml | 22 +++++++++++++++++++
4 files changed, 60 insertions(+)
create mode 100644 unittest/yaml/error-bondethernet7.yaml
create mode 100644 unittest/yaml/error-vxlan3.yaml
diff --git a/config/bondethernet.py b/config/bondethernet.py
index 3238712..68c1afa 100644
--- a/config/bondethernet.py
+++ b/config/bondethernet.py
@@ -70,6 +70,10 @@ def validate_bondethernets(yaml):
 result = False
 else:
 bond_mtu = interface.get_mtu(yaml, bond_ifname)
+ instance = int(ifname[12:])
+ if instance > 4294967294:
+ msgs.append("bondethernet %s has instance %d which is too large" % (ifname, instance))
+ result = False
 
 for member in iface['interfaces']:
 if (None, None) == interface.get_by_name(yaml, member):
diff --git a/config/vxlan_tunnel.py b/config/vxlan_tunnel.py
index aadb549..d46147c 100644
--- a/config/vxlan_tunnel.py
+++ b/config/vxlan_tunnel.py
@@ -66,6 +66,11 @@ def validate_vxlan_tunnels(yaml):
 
 for ifname, iface in yaml['vxlan_tunnels'].items():
 logger.debug("vxlan_tunnel %s: %s" % (ifname, iface))
+ instance = int(ifname[12:])
+ if instance > 2147483647:
+ msgs.append("vxlan_tunnel %s has instance %d which is too large" % (ifname, instance))
+ result = False
+
 vni = iface['vni']
 if not vni_unique(yaml, vni):
 msgs.append("vxlan_tunnel %s VNI %d is not unique" % (ifname, vni))
diff --git a/unittest/yaml/error-bondethernet7.yaml b/unittest/yaml/error-bondethernet7.yaml
new file mode 100644
index 0000000..234b893
--- /dev/null
+++ b/unittest/yaml/error-bondethernet7.yaml
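Review bot: In config/bondethernet.py, `instance = int(ifname[12:])` raises ValueError on an empty or non-numeric suffix, so a malformed name would abort validate_bondethernets() with a traceback instead of adding an entry to `msgs`. `int()` also accepts forms such as `-1`, `+1` and `1_0`, and because only the upper bound is checked a negative instance would pass even though the new test describes the range as "between 0 and 4294967294". Whether an earlier schema check already restricts the key to `BondEthernet` plus ASCII digits is not visible in this hunk; if it does not, the suffix should be validated before conversion, as sketched below. The same applies to `int(ifname[12:])` in the config/vxlan_tunnel.py hunk, and the function body starts and ends outside the hunk.

```python
        # … unchanged: bond_mtu lookup above …
        suffix = ifname[12:]
        if not (suffix.isascii() and suffix.isdigit()):
            msgs.append("bondethernet %s has a non-numeric instance" % ifname)
            result = False
        else:
            instance = int(suffix)
            if instance > 4294967294:
                msgs.append("bondethernet %s has instance %d which is too large" % (ifname, instance))
                result = False
```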
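Review bot: In config/vxlan_tunnel.py the ceiling `2147483647` is a bare literal, as is `4294967294` in config/bondethernet.py, and neither hunk says why the two limits differ or where they come from. A comment above the check such as `# instance must be within [0, 2G), i.e. at most 2147483647` (wording taken from the new test's description), or a named module-level constant, would let a later reader verify the bound against whatever the dataplane actually accepts. The slice `ifname[12:]` likewise depends silently on the prefix length; `ifname[len("vxlan_tunnel"):]` states the intent. The loop body continues outside the hunk.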
@@ -0,0 +1,29 @@
+test:
+ description: "BondEthernets must be between 0 and 4294967294"
+ errors:
+ expected:
+ - "bondethernet .* has instance .* which is too large"
+ count: 1
+---
+bondethernets:
+ BondEthernet4294967294:
+ interfaces: [ GigabitEthernet1/0/0, GigabitEthernet1/0/1 ]
+ BondEthernet4294967295:
+ interfaces: [ GigabitEthernet2/0/0, GigabitEthernet2/0/1 ]
+
+interfaces:
+ GigabitEthernet1/0/0:
+ mtu: 1500
+ GigabitEthernet1/0/1:
+ mtu: 1500
+
+ GigabitEthernet2/0/0:
+ mtu: 1500
+ GigabitEthernet2/0/1:
+ mtu: 1500
+
+ BondEthernet4294967294:
+ description: "Cool"
+
+ BondEthernet4294967295:
+ description: "Not cool"
diff --git a/unittest/yaml/error-vxlan3.yaml b/unittest/yaml/error-vxlan3.yaml
new file mode 100644
index 0000000..153ad22
--- /dev/null
+++ b/unittest/yaml/error-vxlan3.yaml
@@ -0,0 +1,22 @@
+test:
+ description: "A VXLAN tunnel instance must be within [0,2G)"
+ errors:
+ expected:
+ - "vxlan_tunnel .* has instance .* which is too large"
+ count: 1
+---
+vxlan_tunnels:
+ vxlan_tunnel2147483647:
+ local: 192.0.2.1
+ remote: 192.0.2.2
+ vni: 100
+ vxlan_tunnel2147483648:
+ local: 2001:db8::1
+ remote: 2001:db8::2
+ vni: 101
+
+interfaces:
+ vxlan_tunnel2147483647:
+ description: "Cool."
+ vxlan_tunnel2147483648:
+ description: "Not cool."