[starnix] Skip invalid nexthop configuration packets

aknobloch · CQ Bot · commit 4fbe60fd0a31 · 2025-03-25T10:36:16.000-07:00
See the bug for more details, but the TL;DR is that Linux will silently discard invalid nexthop configurations, whilst continuing to process the valid configurations it may have received. This differs from the rust-netlink library's handling of invalid configurations: rust-netlink/netlink-packet-route#153 I've modified our fork to behave closer to Linux, but the above change was pulled down to stay as close as possible with the upstream source. Fixed: 387579405 Test: Local validation with repro script in bug Change-Id: Id158c9ab5a5c288c6cb9f3485c567bde6dd89144 Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1235150 Commit-Queue: Aaron Knobloch <aknobloch@google.com> Reviewed-by: Jeff Martin <martinjeffrey@google.com>
diff --git a/src/starnix/lib/third_party/rust_netlink/netlink_packet_route/src/route/attribute.rs b/src/starnix/lib/third_party/rust_netlink/netlink_packet_route/src/route/attribute.rs
@@ -293,19 +293,30 @@ impl<'a, T: AsRef<[u8]> + ?Sized>
                 let mut next_hops = vec![];
                 let mut buf = payload;
                 loop {
-                    let nh_buf = RouteNextHopBuffer::new_checked(&buf).map_err(|error| {
-                        RouteError::InvalidValue { kind: "RTA_MULTIPATH", error }
-                    })?;
-                    let len = nh_buf.length() as usize;
-                    let nh = RouteNextHop::parse_with_param(
-                        &nh_buf,
-                        (address_family, route_type, encap_type),
-                    )?;
-                    next_hops.push(nh);
-                    if buf.len() == len {
-                        break;
-                    }
-                    buf = &buf[len..];
+                    match RouteNextHopBuffer::new_checked(&buf) {
+                        Ok(nh_buf) => {
+                            let len = nh_buf.length() as usize;
+                            let nh = RouteNextHop::parse_with_param(
+                                &nh_buf,
+                                (address_family, route_type, encap_type),
+                            )?;
+                            next_hops.push(nh);
+                            if buf.len() == len {
+                                break;
+                            }
+                            buf = &buf[len..];
+                        }
+                        Err(e) => {
+                            // This is a Fuchsia-only change to the Netlink logic. In the
+                            // upstream rust-netlink library, they treat an invalid nexthop
+                            // configuration as an error, and promptly fail. Starnix instead
+                            // would prefer to silently discard these, to more closely match
+                            // Linux behavior. See b/387579405 for more context, and the upstream
+                            // commit: https://github.com/rust-netlink/netlink-packet-route/pull/153
+                            log::error!("Invalid nexthop configuration, {}", e);
+                            break;
+                        }
+                    };
                 }
                 Self::MultiPath(next_hops)
             }
diff --git a/src/starnix/lib/third_party/rust_netlink/netlink_packet_route/src/route/next_hops.rs b/src/starnix/lib/third_party/rust_netlink/netlink_packet_route/src/route/next_hops.rs
@@ -62,6 +62,13 @@ impl<T: AsRef<[u8]>> RouteNextHopBuffer<T> {
                 buffer_len: self.length() as usize,
             });
         }
+        if (self.length() as usize) < PAYLOAD_OFFSET {
+            return Err(DecodeError::InvalidBufferLength {
+                name: "RouteNextHopBuffer",
+                len: self.length() as usize,
+                buffer_len: PAYLOAD_OFFSET,
+            });
+        }
         Ok(())
     }
 }
diff --git a/src/starnix/lib/third_party/rust_netlink/netlink_packet_route/src/route/tests/route_flags.rs b/src/starnix/lib/third_party/rust_netlink/netlink_packet_route/src/route/tests/route_flags.rs
@@ -60,3 +60,15 @@ fn test_next_hop_max_buffer_len() {
     let buffer = [0xff, 0xff, 0, 0, 0, 0, 0, 0];
     assert!(RouteNextHopBuffer::new_checked(buffer).is_err());
 }
+
+#[test]
+fn test_invalid_next_hop() {
+    let buffer = [
+        0, 0, // length
+        0, // flags,
+        0, // hops
+        0, 0, 0, 0, // interface index
+        0, 0, 0, 0, 0, 0, 0, 0, // payload
+    ];
+    assert!(RouteNextHopBuffer::new_checked(buffer).is_err());
+}

Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,13 @@ impl<T: AsRef<[u8]>> RouteNextHopBuffer<T> {`
`62`	`62`	`buffer_len: self.length() as usize,`
`63`	`63`	`});`
`64`	`64`	`}`
	`65`	`+ if (self.length() as usize) < PAYLOAD_OFFSET {`
	`66`	`+ return Err(DecodeError::InvalidBufferLength {`
	`67`	`+ name: "RouteNextHopBuffer",`
	`68`	`+ len: self.length() as usize,`
	`69`	`+ buffer_len: PAYLOAD_OFFSET,`
	`70`	`+ });`
	`71`	`+ }`
`65`	`72`	`Ok(())`
`66`	`73`	`}`
`67`	`74`	`}`