mirrors/kube-router
1
0
Fork 0
mirror of https://github.com/cloudnativelabs/kube-router.git synced 2025-11-19 12:01:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: protect uint32 conversion

Browse Source 
See the following for more details:
https://github.com/cloudnativelabs/kube-router/security/code-scanning?query=ref%3Arefs%2Fpull%2F1065%2Fmerge+tool%3ACodeQL
This commit is contained in:
Aaron U'Ren 2021-04-13 20:15:56 -05:00
parent 1816886cb4
commit ef827d3dbf
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/controllers/routing/bgp_policies.go
View File

@ -3,6 +3,7 @@ package routing
import ( import (
"context" "context"
"errors" "errors"
"fmt"
"reflect" "reflect"
"strconv" "strconv"
"strings" "strings"
@ -71,7 +72,10 @@ func (nrc *NetworkRoutingController) addPodCidrDefinedSet() error {
return err return err
} }
if currentDefinedSet == nil { if currentDefinedSet == nil {
cidrLen, _ := strconv.Atoi(strings.Split(nrc.podCidr, "/")[1]) cidrLen, err := strconv.Atoi(strings.Split(nrc.podCidr, "/")[1])
if err != nil || cidrLen < 0 || cidrLen > 32 {
return fmt.Errorf("the pod CIDR IP given is not a proper mask: %d", cidrLen)
}
podCidrDefinedSet := &gobgpapi.DefinedSet{ podCidrDefinedSet := &gobgpapi.DefinedSet{
DefinedType: gobgpapi.DefinedType_PREFIX, DefinedType: gobgpapi.DefinedType_PREFIX,
Name: "podcidrdefinedset", Name: "podcidrdefinedset",

9
pkg/controllers/routing/network_routes_controller.go
View File

@ -440,9 +440,12 @@ func (nrc *NetworkRoutingController) advertisePodRoute() error {
cidrStr := strings.Split(nrc.podCidr, "/") cidrStr := strings.Split(nrc.podCidr, "/")
subnet := cidrStr[0] subnet := cidrStr[0]
cidrLen, _ := strconv.Atoi(cidrStr[1]) cidrLen, err := strconv.Atoi(cidrStr[1])
if err != nil || cidrLen < 0 || cidrLen > 32 {
return fmt.Errorf("the pod CIDR IP given is not a proper mask: %d", cidrLen)
}
if nrc.isIpv6 { if nrc.isIpv6 {
klog.V(2).Infof("Advertising route: '%s/%s via %s' to peers", subnet, strconv.Itoa(cidrLen), nrc.nodeIP.String()) klog.V(2).Infof("Advertising route: '%s/%d via %s' to peers", subnet, cidrLen, nrc.nodeIP.String())
v6Family := &gobgpapi.Family{ v6Family := &gobgpapi.Family{
Afi: gobgpapi.Family_AFI_IP6, Afi: gobgpapi.Family_AFI_IP6,
@ -472,7 +475,7 @@ func (nrc *NetworkRoutingController) advertisePodRoute() error {
} }
} else { } else {
klog.V(2).Infof("Advertising route: '%s/%s via %s' to peers", subnet, strconv.Itoa(cidrLen), nrc.nodeIP.String()) klog.V(2).Infof("Advertising route: '%s/%d via %s' to peers", subnet, cidrLen, nrc.nodeIP.String())
nlri, _ := ptypes.MarshalAny(&gobgpapi.IPAddressPrefix{ nlri, _ := ptypes.MarshalAny(&gobgpapi.IPAddressPrefix{
PrefixLen: uint32(cidrLen), PrefixLen: uint32(cidrLen),
Prefix: cidrStr[0], Prefix: cidrStr[0],