vrrpd: allow creation of adverts with no addresses

Fuzz testing revealed a crash in which VRRPD tries to create an
advertisement packet with no IP addresses. Should never occur under
normal use but might as well patch.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>

diff --git a/vrrpd/vrrp_packet.c b/vrrpd/vrrp_packet.c
index 903bb3ae6c6bb437607661526a2c5f8172b63c0b..7dcb2933f849099abf07803e7c7d5761f4eda3b8 100644 (file)
--- a/vrrpd/vrrp_packet.c
+++ b/vrrpd/vrrp_packet.c
@@ -107,12 +107,17 @@ ssize_t vrrp_pkt_adver_build(struct vrrp_pkt **pkt, struct ipaddr *src,
                             uint16_t max_adver_int, uint8_t numip,
                             struct ipaddr **ips)
 {
-       bool v6 = IS_IPADDR_V6(ips[0]);
+       bool v6 = false;
+       size_t addrsz = 0;
 
        assert(version >= 2 && version <= 3);
        assert(!(version == 2 && v6));
 
-       size_t addrsz = IPADDRSZ(ips[0]);
+       if (numip > 0) {
+               v6 = IS_IPADDR_V6(ips[0]);
+               addrsz = IPADDRSZ(ips[0]);
+       }
+
        size_t pktsize = VRRP_PKT_SIZE(v6 ? AF_INET6 : AF_INET, numip);
        *pkt = XCALLOC(MTYPE_VRRP_PKT, pktsize);