From 0805d29557c8f6de297568f9a8401b902b4a5c8c Mon Sep 17 00:00:00 2001
From: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri, 3 Jan 2020 02:12:58 -0500
Subject: [PATCH] zebra: check pbr rule msg for correct afi

further down we hash the src & dst ip, which asserts that the afi is one
of the well known ones, given the field names i assume the correct afis
here are af_inet[6]

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
---
 zebra/zapi_msg.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
index 1dbe41f46298..18b733f884fd 100644
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@@ -2360,6 +2360,20 @@ static inline void zread_rule(ZAPI_HANDLER_ARGS)
 		if (zpr.rule.filter.fwmark)
 			zpr.rule.filter.filter_bm |= PBR_FILTER_FWMARK;
 
+		if (!(zpr.rule.filter.src_ip.family == AF_INET
+		      || zpr.rule.filter.src_ip.family == AF_INET6)) {
+			zlog_warn("Unsupported PBR source IP family: %s\n",
+				  family2str(zpr.rule.filter.src_ip.family));
+			return;
+		}
+		if (!(zpr.rule.filter.dst_ip.family == AF_INET
+		      || zpr.rule.filter.dst_ip.family == AF_INET6)) {
+			zlog_warn("Unsupported PBR dest IP family: %s\n",
+				  family2str(zpr.rule.filter.dst_ip.family));
+			return;
+		}
+
+
 		zpr.vrf_id = zvrf->vrf->vrf_id;
 		if (hdr->command == ZEBRA_RULE_ADD)
 			zebra_pbr_add_rule(&zpr);