ospfd: Fix Coverity SA #1617470, 76 and 78

msg_new takes a uint16_t, the length passed
down variable is a unsigned int, thus 32 bit.
It's possible, but highly unlikely, that the
msglen could be greater than 16 bit.
Let's just add some checks to ensure that
this could not happen.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 283cc511781f9e076baf8564dae234de52cb290a)

diff --git a/ospfd/ospf_api.c b/ospfd/ospf_api.c
index 213ee8c1fd166464a6d29cbe1070d8828593c7be..cfc13fcc53a51f98e6eb10720522c74bc82b8b1d 100644 (file)
--- a/ospfd/ospf_api.c
+++ b/ospfd/ospf_api.c
@@ -514,6 +514,12 @@ struct msg *new_msg_originate_request(uint32_t seqnum, struct in_addr ifaddr,
        omsglen += sizeof(struct msg_originate_request)
                   - sizeof(struct lsa_header);
 
+       if (omsglen > UINT16_MAX) {
+               zlog_warn("%s: LSA specified is bigger than maximum LSA size, something is wrong",
+                         __func__);
+               omsglen = UINT16_MAX;
+       }
+
        return msg_new(MSG_ORIGINATE_REQUEST, omsg, seqnum, omsglen);
 }
 
@@ -639,6 +645,12 @@ struct msg *new_msg_lsa_change_notify(uint8_t msgtype, uint32_t seqnum,
        memcpy(nmsg_data, data, len);
        len += sizeof(struct msg_lsa_change_notify) - sizeof(struct lsa_header);
 
+       if (len > UINT16_MAX) {
+               zlog_warn("%s: LSA specified is bigger than maximum LSA size, something is wrong",
+                         __func__);
+               len = UINT16_MAX;
+       }
+
        return msg_new(msgtype, nmsg, seqnum, len);
 }
 
@@ -666,6 +678,12 @@ struct msg *new_msg_reachable_change(uint32_t seqnum, uint16_t nadd,
        nmsg->nremove = htons(nremove);
        len = sizeof(*nmsg) + insz * (nadd + nremove);
 
+       if (len > UINT16_MAX) {
+               zlog_warn("%s: LSA specified is bigger than maximum LSA size, something is wrong",
+                         __func__);
+               len = UINT16_MAX;
+       }
+
        return msg_new(MSG_REACHABLE_CHANGE, nmsg, seqnum, len);
 }