mirror of
https://github.com/cloudnativelabs/kube-router.git
synced 2025-11-18 19:41:05 +01:00
fix: protect uint32 conversion
See the following for more details: https://github.com/cloudnativelabs/kube-router/security/code-scanning?query=ref%3Arefs%2Fpull%2F1065%2Fmerge+tool%3ACodeQL
This commit is contained in:
Aaron U'Ren
parent
1816886cb4
commit
ef827d3dbf
@ -3,6 +3,7 @@ package routing
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"reflect"
|
||||
"strconv"
|
||||
"strings"
|
||||
@ -71,7 +72,10 @@ func (nrc *NetworkRoutingController) addPodCidrDefinedSet() error {
|
||||
return err
|
||||
}
|
||||
if currentDefinedSet == nil {
|
||||
cidrLen, _ := strconv.Atoi(strings.Split(nrc.podCidr, "/")[1])
|
||||
cidrLen, err := strconv.Atoi(strings.Split(nrc.podCidr, "/")[1])
|
||||
if err != nil || cidrLen < 0 || cidrLen > 32 {
|
||||
return fmt.Errorf("the pod CIDR IP given is not a proper mask: %d", cidrLen)
|
||||
}
|
||||
podCidrDefinedSet := &gobgpapi.DefinedSet{
|
||||
DefinedType: gobgpapi.DefinedType_PREFIX,
|
||||
Name: "podcidrdefinedset",
|
||||
|
||||
@ -440,9 +440,12 @@ func (nrc *NetworkRoutingController) advertisePodRoute() error {
|
||||
|
||||
cidrStr := strings.Split(nrc.podCidr, "/")
|
||||
subnet := cidrStr[0]
|
||||
cidrLen, _ := strconv.Atoi(cidrStr[1])
|
||||
cidrLen, err := strconv.Atoi(cidrStr[1])
|
||||
if err != nil || cidrLen < 0 || cidrLen > 32 {
|
||||
return fmt.Errorf("the pod CIDR IP given is not a proper mask: %d", cidrLen)
|
||||
}
|
||||
if nrc.isIpv6 {
|
||||
klog.V(2).Infof("Advertising route: '%s/%s via %s' to peers", subnet, strconv.Itoa(cidrLen), nrc.nodeIP.String())
|
||||
klog.V(2).Infof("Advertising route: '%s/%d via %s' to peers", subnet, cidrLen, nrc.nodeIP.String())
|
||||
|
||||
v6Family := &gobgpapi.Family{
|
||||
Afi: gobgpapi.Family_AFI_IP6,
|
||||
@ -472,7 +475,7 @@ func (nrc *NetworkRoutingController) advertisePodRoute() error {
|
||||
}
|
||||
} else {
|
||||
|
||||
klog.V(2).Infof("Advertising route: '%s/%s via %s' to peers", subnet, strconv.Itoa(cidrLen), nrc.nodeIP.String())
|
||||
klog.V(2).Infof("Advertising route: '%s/%d via %s' to peers", subnet, cidrLen, nrc.nodeIP.String())
|
||||
nlri, _ := ptypes.MarshalAny(&gobgpapi.IPAddressPrefix{
|
||||
PrefixLen: uint32(cidrLen),
|
||||
Prefix: cidrStr[0],
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user