bgpd: Make sure hdr length is at a minimum of what is expected

author Donald Sharp <sharpd@nvidia.com>

Thu, 21 Jul 2022 12:11:58 +0000 (08:11 -0400)

committer Mergify <37929162+mergify[bot]@users.noreply.github.com>

Tue, 11 Oct 2022 10:38:53 +0000 (10:38 +0000)
author Donald Sharp <sharpd@nvidia.com>
Thu, 21 Jul 2022 12:11:58 +0000 (08:11 -0400)
committer Mergify <37929162+mergify[bot]@users.noreply.github.com>
Tue, 11 Oct 2022 10:38:53 +0000 (10:38 +0000)
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c

index 7613ccc7dfc5067ceeb980f80003f15a9ea94b5d..a5f065a15c8ba405eb0975be2a3f1c7537295a3e 100644 (file)
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -2621,6 +2621,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
                                 "%s CAPABILITY has action: %d, code: %u, length %u",
                                 peer->host, action, hdr->code, hdr->length);
  
+               if (hdr->length < sizeof(struct capability_mp_data)) {
+                       zlog_info(
+                               "%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
+                               peer, sizeof(struct capability_mp_data),
+                               hdr->length);
+                       return BGP_Stop;
+               }
+
                 /* Capability length check. */
                 if ((pnt + hdr->length + 3) > end) {
                         zlog_info("%s Capability length error", peer->host);
author	Donald Sharp <sharpd@nvidia.com>
	Thu, 21 Jul 2022 12:11:58 +0000 (08:11 -0400)
committer	Mergify <37929162+mergify[bot]@users.noreply.github.com>
	Tue, 11 Oct 2022 10:38:53 +0000 (10:38 +0000)