Fix OSS Fuzz crashes due to validation issues in RBAC Config (#12757)

Added validation that action enum is within range Risk Level: low Testing: passes added regression tests Docs Changes: N/A Release Notes: N/A Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24824&sort=-opened&can=1&q=proj%3Aenvoy%20status%3DNew Signed-off-by: Zach Reyes <zasweq@google.com> Mirrored from https://github.com/envoyproxy/envoy @ aecd2459f70a8f7ce6032a0e8fc7e9a8d04e9798
4 years ago · c9098d1165
parent 93b9c9e5d9
commit c9098d1165
2 changed files with 2 additions and 2 deletions
--- a/envoy/config/rbac/v3/rbac.proto
+++ b/envoy/config/rbac/v3/rbac.proto
@ -101,7 +101,7 @@ message RBAC {
  //    key namespace 'envoy.common'. If no policies match, it is set to `false`.
  //    Other actions do not modify this key.
  //
-  Action action = 1;
+  Action action = 1 [(validate.rules).enum = {defined_only: true}];

  // Maps from policy name to policy. A match occurs when at least one policy matches the request.
  map<string, Policy> policies = 2;
--- a/envoy/config/rbac/v4alpha/rbac.proto
+++ b/envoy/config/rbac/v4alpha/rbac.proto
@ -100,7 +100,7 @@ message RBAC {
  //    key namespace 'envoy.common'. If no policies match, it is set to `false`.
  //    Other actions do not modify this key.
  //
-  Action action = 1;
+  Action action = 1 [(validate.rules).enum = {defined_only: true}];

  // Maps from policy name to policy. A match occurs when at least one policy matches the request.
  map<string, Policy> policies = 2;