From 75306351ff28b247099bff8f770b05d2282ac165 Mon Sep 17 00:00:00 2001
From: Junxiao Shi <git@mail1.yoursunny.com>
Date: Thu, 1 Feb 2018 21:59:44 +0000
Subject: [PATCH] rib: limit route prefix length in rib/register command

refs #4262

Change-Id: I567934419f6872cb0f5a823400f53014b9c6e85e
---
 core/fib-max-depth.hpp      | 37 +++++++++++++++++++++++++++++++++++++
 daemon/table/fib.hpp        | 17 +++++++++++++++--
 daemon/table/name-tree.hpp  |  4 ++--
 rib/rib-manager.cpp         | 11 +++++++++--
 tests/rib/rib-manager.t.cpp | 24 ++++++++++++++++++++++--
 5 files changed, 85 insertions(+), 8 deletions(-)
 create mode 100644 core/fib-max-depth.hpp

diff --git a/core/fib-max-depth.hpp b/core/fib-max-depth.hpp
new file mode 100644
index 00000000..af15a97f
--- /dev/null
+++ b/core/fib-max-depth.hpp
@@ -0,0 +1,37 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2014-2018,  Regents of the University of California,
+ *                           Arizona Board of Regents,
+ *                           Colorado State University,
+ *                           University Pierre & Marie Curie, Sorbonne University,
+ *                           Washington University in St. Louis,
+ *                           Beijing Institute of Technology,
+ *                           The University of Memphis.
+ *
+ * This file is part of NFD (Named Data Networking Forwarding Daemon).
+ * See AUTHORS.md for complete list of NFD authors and contributors.
+ *
+ * NFD is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.  See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NFD, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef NFD_CORE_FIB_MAX_DEPTH_HPP
+#define NFD_CORE_FIB_MAX_DEPTH_HPP
+
+namespace nfd {
+
+/** \brief Maximum number of components in a FIB entry prefix.
+ */
+static const int FIB_MAX_DEPTH = 32;
+
+} // namespace nfd
+
+#endif // NFD_CORE_FIB_MAX_DEPTH_HPP
diff --git a/daemon/table/fib.hpp b/daemon/table/fib.hpp
index fc5439f0..ac864e8f 100644
--- a/daemon/table/fib.hpp
+++ b/daemon/table/fib.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2016,  Regents of the University of California,
+/*
+ * Copyright (c) 2014-2018,  Regents of the University of California,
  *                           Arizona Board of Regents,
  *                           Colorado State University,
  *                           University Pierre & Marie Curie, Sorbonne University,
@@ -29,6 +29,8 @@
 #include "fib-entry.hpp"
 #include "name-tree.hpp"
 
+#include "core/fib-max-depth.hpp"
+
 #include <boost/range/adaptor/transformed.hpp>
 
 namespace nfd {
@@ -82,6 +84,17 @@ public: // lookup
   findExactMatch(const Name& prefix);
 
 public: // mutation
+  /** \brief Maximum number of components in a FIB entry prefix.
+   *
+   *  This constant is currently advisory, but will become mandatory later.
+   */
+  static constexpr size_t
+  getMaxDepth()
+  {
+    static_assert(FIB_MAX_DEPTH == NameTree::getMaxDepth(), "");
+    return FIB_MAX_DEPTH;
+  }
+
   /** \brief inserts a FIB entry for prefix
    *
    *  If an entry for exact same prefix exists, that entry is returned.
diff --git a/daemon/table/name-tree.hpp b/daemon/table/name-tree.hpp
index 04e504e0..805be566 100644
--- a/daemon/table/name-tree.hpp
+++ b/daemon/table/name-tree.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2014-2017,  Regents of the University of California,
+ * Copyright (c) 2014-2018,  Regents of the University of California,
  *                           Arizona Board of Regents,
  *                           Colorado State University,
  *                           University Pierre & Marie Curie, Sorbonne University,
@@ -50,7 +50,7 @@ public: // information
    *  This constant is currently advisory. It is enforced in NameTree::lookup only if
    *  \p enforceMaxDepth is set to true. This will become mandatory later.
    */
-  static size_t
+  static constexpr size_t
   getMaxDepth()
   {
     return 32;
diff --git a/rib/rib-manager.cpp b/rib/rib-manager.cpp
index 71a7cf3d..ba897199 100644
--- a/rib/rib-manager.cpp
+++ b/rib/rib-manager.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2017,  Regents of the University of California,
+/*
+ * Copyright (c) 2014-2018,  Regents of the University of California,
  *                           Arizona Board of Regents,
  *                           Colorado State University,
  *                           University Pierre & Marie Curie, Sorbonne University,
@@ -28,6 +28,7 @@
 #include "readvertise/client-to-nlsr-readvertise-policy.hpp"
 #include "readvertise/nfd-rib-readvertise-destination.hpp"
 
+#include "core/fib-max-depth.hpp"
 #include "core/logger.hpp"
 #include "core/scheduler.hpp"
 
@@ -198,6 +199,12 @@ RibManager::registerEntry(const Name& topPrefix, const Interest& interest,
                           ControlParameters parameters,
                           const ndn::mgmt::CommandContinuation& done)
 {
+  if (parameters.getName().size() > FIB_MAX_DEPTH) {
+    done(ControlResponse(414, "Route prefix cannot exceed " + ndn::to_string(FIB_MAX_DEPTH) +
+                              " components"));
+    return;
+  }
+
   setFaceForSelfRegistration(interest, parameters);
 
   // Respond since command is valid and authorized
diff --git a/tests/rib/rib-manager.t.cpp b/tests/rib/rib-manager.t.cpp
index 7ef01943..e141368d 100644
--- a/tests/rib/rib-manager.t.cpp
+++ b/tests/rib/rib-manager.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2017,  Regents of the University of California,
+/*
+ * Copyright (c) 2014-2018,  Regents of the University of California,
  *                           Arizona Board of Regents,
  *                           Colorado State University,
  *                           University Pierre & Marie Curie, Sorbonne University,
@@ -25,6 +25,7 @@
 
 #include "rib/rib-manager.hpp"
 #include "manager-common-fixture.hpp"
+#include "core/fib-max-depth.hpp"
 
 #include <ndn-cxx/lp/tags.hpp>
 #include <ndn-cxx/mgmt/nfd/face-event-notification.hpp>
@@ -422,6 +423,25 @@ BOOST_AUTO_TEST_CASE(Expiration)
   BOOST_CHECK_EQUAL(checkCommand(0, "add-nexthop", paramsRegister), CheckCommandResult::OK);
 }
 
+BOOST_AUTO_TEST_CASE(NameTooLong)
+{
+  Name prefix;
+  while (prefix.size() <= FIB_MAX_DEPTH) {
+    prefix.append("A");
+  }
+  auto params = makeRegisterParameters(prefix, 2899);
+  auto command = makeControlCommandRequest("/localhost/nfd/rib/register", params);
+  receiveInterest(command);
+
+  BOOST_REQUIRE_EQUAL(m_responses.size(), 1);
+  BOOST_CHECK_EQUAL(checkResponse(0, command.getName(), ControlResponse(414,
+                      "Route prefix cannot exceed " + ndn::to_string(FIB_MAX_DEPTH) +
+                      " components")),
+                    CheckResponseResult::OK);
+
+  BOOST_CHECK_EQUAL(m_commands.size(), 0);
+}
+
 BOOST_AUTO_TEST_SUITE_END() // RegisterUnregister
 
 BOOST_FIXTURE_TEST_CASE(RibDataset, UnauthorizedRibManagerFixture)