]> git.puffer.fish Git - mirror/frr.git/commit
projects / mirror / frr.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a19aa56) | patch
isisd: Fix use beyond end of stream of ASLA Sub-TLV parsing 13758/head
authorCarmine Scarpitta <carmine.scarpitta@uniroma2.it>
Sat, 10 Jun 2023 14:08:25 +0000 (16:08 +0200)
committerCarmine Scarpitta <carmine.scarpitta@uniroma2.it>
Wed, 14 Jun 2023 06:31:32 +0000 (08:31 +0200)
commit2a9e0824a7bd85d5436615065f0311910106c3cf
tree793ad6b6a6f77ffe25dcb31516e2dd480ec7db2etree | snapshot
parenta19aa56b95c6e987d5d7ff237208088d8642eaf1commit | diff
isisd: Fix use beyond end of stream of ASLA Sub-TLV parsing

Fixes a crash associated with attempting to read beyond the end of the
stream when parsing ASLA Sub-TLV.

```
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
    subtlv_len=13 '\r') at isisd/isis_tlvs.c:1473
    at isisd/isis_tlvs.c:3264
    context=<optimized out>, mtid=<optimized out>) at isisd/isis_tlvs.c:6078
    indent=4) at isisd/isis_tlvs.c:6142
    avail_len=<optimized out>, context=<optimized out>) at isisd/isis_tlvs.c:7032
    at isisd/isis_tlvs.c:7054
(gdb)
```

Caught by fuzzer.

Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
isisd/isis_tlvs.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.