daemon: validate enum values coming from user

Author: pzmarzly

src/bpfilter/cgen/cgen.c

@@ -79,7 +79,7 @@ int bf_cgen_new_from_pack(struct bf_cgen **cgen, bf_rpack_node_t node)
 
     _cgen->program = NULL;
 
-    r = bf_rpack_kv_enum(node, "front", &_cgen->front);
+    r = bf_rpack_kv_enum(node, "front", &_cgen->front, 0, _BF_FRONT_MAX);
     if (r)
         return bf_rpack_key_err(r, "bf_cgen.front");
 

src/bpfilter/cgen/prog/map.c

@@ -103,11 +103,11 @@ int bf_map_new_from_pack(struct bf_map **map, int dir_fd, bf_rpack_node_t node)
         return bf_err_r(-EINVAL, "map name can't be empty");
     bf_strncpy(_map->name, BPF_OBJ_NAME_LEN, name);
 
-    r = bf_rpack_kv_enum(node, "type", &_map->type);
+    r = bf_rpack_kv_enum(node, "type", &_map->type, 0, _BF_MAP_TYPE_MAX);
     if (r)
         return bf_rpack_key_err(r, "bf_map.type");
 
-    r = bf_rpack_kv_enum(node, "bpf_type", &_map->bpf_type);
+    r = bf_rpack_kv_enum(node, "bpf_type", &_map->bpf_type, 0, __MAX_BPF_MAP_TYPE);
     if (r)
         return bf_rpack_key_err(r, "bf_map.bpf_type");
 

src/libbpfilter/chain.c

@@ -73,8 +73,11 @@ int bf_chain_new(struct bf_chain **chain, const char *name, enum bf_hook hook,
     size_t ridx = 0;
     int r;
 
-    bf_assert(chain && name);
-    bf_assert(policy < _BF_TERMINAL_VERDICT_MAX);
+    assert(chain && name);
+    if (hook >= _BF_HOOK_MAX)
+        return bf_err_r(-EINVAL, "unknown hook type");
+    if (policy >= _BF_TERMINAL_VERDICT_MAX)
+        return bf_err_r(-EINVAL, "unknown policy type");
 
     _chain = malloc(sizeof(*_chain));
     if (!_chain)
@@ -124,11 +127,11 @@ int bf_chain_new_from_pack(struct bf_chain **chain, bf_rpack_node_t node)
     if (r)
         return bf_rpack_key_err(r, "bf_chain.name");
 
-    r = bf_rpack_kv_enum(node, "hook", &hook);
+    r = bf_rpack_kv_enum(node, "hook", &hook, 0, _BF_HOOK_MAX);
     if (r)
         return bf_rpack_key_err(r, "bf_chain.hook");
 
-    r = bf_rpack_kv_enum(node, "policy", &policy);
+    r = bf_rpack_kv_enum(node, "policy", &policy, 0, _BF_TERMINAL_VERDICT_MAX);
     if (r)
         return bf_rpack_key_err(r, "bf_chain.policy");
 

src/libbpfilter/include/bpfilter/pack.h

@@ -304,19 +304,29 @@ typedef union
  * @brief Read an named enumerator value from a node.
  *
  * This macro will ensure the enumerator value is properly casted from the
- * corresponding integer stored in the pack.
+ * corresponding integer stored in the pack, and validate that it falls within
+ * the valid range [first, max).
  *
  * @param node Node to read from.
  * @param key Key of the node to read. Can't be NULL.
  * @param value Pointer to the enumerator value to read into.
+ * @param first First valid enumerator value (inclusive).
+ * @param max Maximum enumerator value (exclusive).
  * @return 0 on success, or a negative error value on failure.
  */
-#define bf_rpack_kv_enum(node, key, value)                                     \
+#define bf_rpack_kv_enum(node, key, value, first, max)                         \
     ({                                                                         \
         int __value;                                                           \
         int __r = bf_rpack_kv_int(node, key, &__value);                        \
-        if (!__r)                                                              \
-            *(value) = __value;                                                \
+        if (!__r) {                                                            \
+            if (__value < (first) || __value >= (max)) {                       \
+                bf_err("invalid %s value %d (expected [%d, %d))", key,         \
+                       __value, (int)(first), (int)(max));                     \
+                __r = -EINVAL;                                                 \
+            } else {                                                           \
+                *(value) = __value;                                            \
+            }                                                                  \
+        }                                                                      \
         __r;                                                                   \
     })
 
@@ -327,14 +337,23 @@ typedef union
  *
  * @param node Node to read from.
  * @param value Pointer to the enumerator value to read into.
+ * @param first First valid enumerator value (inclusive).
+ * @param max Maximum enumerator value (exclusive).
  * @return 0 on success, or a negative error value on failure.
  */
-#define bf_rpack_enum(node, value)                                             \
+#define bf_rpack_enum(node, value, first, max)                                 \
     ({                                                                         \
         int __value;                                                           \
         int __r = bf_rpack_int(node, &__value);                                \
-        if (!__r)                                                              \
-            *(value) = __value;                                                \
+        if (!__r) {                                                            \
+            if (__value < (first) || __value >= (max)) {                       \
+                bf_err("invalid enum value %d (expected [%d, %d))", __value,   \
+                       (int)(first), (int)(max));                              \
+                __r = -EINVAL;                                                 \
+            } else {                                                           \
+                *(value) = __value;                                            \
+            }                                                                  \
+        }                                                                      \
         __r;                                                                   \
     })
 

src/libbpfilter/matcher.c

@@ -1295,11 +1295,11 @@ int bf_matcher_new_from_pack(struct bf_matcher **matcher, bf_rpack_node_t node)
 
     bf_assert(matcher);
 
-    r = bf_rpack_kv_enum(node, "type", &type);
+    r = bf_rpack_kv_enum(node, "type", &type, 0, _BF_MATCHER_TYPE_MAX);
     if (r)
         return bf_rpack_key_err(r, "bf_matcher.type");
 
-    r = bf_rpack_kv_enum(node, "op", &op);
+    r = bf_rpack_kv_enum(node, "op", &op, 0, _BF_MATCHER_OP_MAX);
     if (r)
         return bf_rpack_key_err(r, "bf_matcher.op");
 

src/libbpfilter/rule.c

@@ -93,7 +93,7 @@ int bf_rule_new_from_pack(struct bf_rule **rule, bf_rpack_node_t node)
     if (r)
         return bf_rpack_key_err(r, "bf_rule.mark");
 
-    r = bf_rpack_kv_enum(node, "verdict", &_rule->verdict);
+    r = bf_rpack_kv_enum(node, "verdict", &_rule->verdict, 0, _BF_VERDICT_MAX);
     if (r)
         return bf_rpack_key_err(r, "bf_rule.verdict");
 

src/libbpfilter/set.c

@@ -291,7 +291,7 @@ int bf_set_new_from_pack(struct bf_set **set, bf_rpack_node_t node)
                 n_comps, BF_SET_MAX_N_COMPS);
         }
 
-        r = bf_rpack_enum(comp_node, &key[i]);
+        r = bf_rpack_enum(comp_node, &key[i], 0, _BF_MATCHER_TYPE_MAX);
         if (r)
             return bf_rpack_key_err(r, "bf_set.key");
     }

tests/unit/libbpfilter/pack.c

@@ -399,7 +399,9 @@ static void wpack_enum(void **state)
     assert_ok(bf_rpack_new(&rpack, data, data_len));
     root = bf_rpack_root(rpack);
 
-    assert_ok(bf_rpack_kv_enum(root, "enum_val", &enum_val));
+    assert_ok(bf_rpack_kv_enum(root, "enum_val", &enum_val, 0, 10));
+    assert_err(bf_rpack_kv_enum(root, "enum_val", &enum_val, 0, 5));
+    assert_err(bf_rpack_kv_enum(root, "enum_val", &enum_val, 6, 10));
     assert_int_equal(enum_val, 5);
 }