From e70558cbe1b4707ce8dfebe6df8d73ea286d832b Mon Sep 17 00:00:00 2001
From: Bruce Ma
Date: Mon, 30 Sep 2019 15:55:27 +0800
Subject: [PATCH] bridge: check vlan id when loading net conf
Signed-off-by: Bruce Ma
---
 plugins/main/bridge/bridge.go | 3 ++
 plugins/main/bridge/bridge_test.go | 44 ++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
diff --git a/plugins/main/bridge/bridge.go b/plugins/main/bridge/bridge.go
index 18e7b64e..6620dd54 100644
--- a/plugins/main/bridge/bridge.go
+++ b/plugins/main/bridge/bridge.go
@@ -75,6 +75,9 @@ func loadNetConf(bytes []byte) (*NetConf, string, error) {
 if err := json.Unmarshal(bytes, n); err != nil {
 return nil, "", fmt.Errorf("failed to load netconf: %v", err)
 }
+ if n.Vlan < 0 || n.Vlan > 4094 {
+ return nil, "", fmt.Errorf(`invalid VLAN ID %d (must be between 0 and 4094)`, n.Vlan)
+ }
 return n, n.CNIVersion, nil
 }
diff --git a/plugins/main/bridge/bridge_test.go b/plugins/main/bridge/bridge_test.go
index ed2e888c..676aa6bc 100644
--- a/plugins/main/bridge/bridge_test.go
+++ b/plugins/main/bridge/bridge_test.go
@@ -1645,4 +1645,48 @@ var _ = Describe("bridge Operations", func() {
 })
 Expect(err).NotTo(HaveOccurred())
 })
+
+ It("check vlan id when loading net conf", func() {
+ tests := []struct {
+ tc testCase
+ err error
+ }{
+ {
+ tc: testCase{
+ cniVersion: "0.4.0",
+ },
+ err: nil,
+ },
+ {
+ tc: testCase{
+ cniVersion: "0.4.0",
+ vlan: 0,
+ },
+ err: nil,
+ },
+ {
+ tc: testCase{
+ cniVersion: "0.4.0",
+ vlan: -100,
+ },
+ err: fmt.Errorf("invalid VLAN ID -100 (must be between 0 and 4094)"),
+ },
+ {
+ tc: testCase{
+ cniVersion: "0.4.0",
+ vlan: 5000,
+ },
+ err: fmt.Errorf("invalid VLAN ID 5000 (must be between 0 and 4094)"),
+ },
+ }
+
+ for _, test := range tests {
+ _, _, err := loadNetConf([]byte(test.tc.netConfJSON("")))
+ if test.err == nil {
+ Expect(err).To(BeNil())
+ } else {
+ Expect(err).To(Equal(test.err))
+ }
+ }
+ })
 })
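Review bot: The added range check in loadNetConf accepts 0 and uses the bare literal 4094 without saying what either means. Going by the test added in this commit, a config with no `vlan` field is expected to load cleanly, so 0 presumably stands for "no VLAN configured" rather than a usable tag; a comment above the `if` such as `// 0 means no VLAN; 1-4094 are assignable 802.1Q IDs, 4095 is reserved` would record that. Because this value decides which network segment a container is attached to, it is worth confirming that no other path builds a NetConf without passing through this check. As a style point, the format string is a backtick raw literal while the line above uses double quotes; `"invalid VLAN ID %d (must be between 0 and 4094)"` would match. The body of loadNetConf starts outside the hunk.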
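Review bot: The table in the new `It` block only probes values far from the limits (-100 and 5000), so an off-by-one in the range check would go unnoticed. Add edge cases: `vlan: 4094` with `err: nil`, and `vlan: 4095` and `vlan: -1` each with the matching "invalid VLAN ID" error. Comparing with `Equal(test.err)` also ties the test to the concrete error value fmt.Errorf happens to return; `Expect(err).To(MatchError(test.err))` states the intent more directly. The enclosing Describe starts outside the hunk.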