bgpd: Check the length of the rcv software version

author Donatas Abraitis <donatas@opensourcerouting.org>

Sun, 20 Aug 2023 18:37:25 +0000 (21:37 +0300)

committer Mergify <37929162+mergify[bot]@users.noreply.github.com>

Mon, 21 Aug 2023 13:34:47 +0000 (13:34 +0000)
author Donatas Abraitis <donatas@opensourcerouting.org>
Sun, 20 Aug 2023 18:37:25 +0000 (21:37 +0300)
committer Mergify <37929162+mergify[bot]@users.noreply.github.com>
Mon, 21 Aug 2023 13:34:47 +0000 (13:34 +0000)
diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c

index 0dd5463979adb6c53784d9309d4f918ae758f9dc..e7e3c2191a7add35de885a663d5f769143295454 100644 (file)
--- a/bgpd/bgp_open.c
+++ b/bgpd/bgp_open.c
@@ -940,8 +940,18 @@ static int bgp_capability_software_version(struct peer *peer,
                 return -1;
         }
  
-       if (len) {
+       if (len > BGP_MAX_SOFT_VERSION) {
+               flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
+                         "%s: Received Software Version, but the length is too big, truncating, from peer %s",
+                         __func__, peer->host);
+               stream_get(str, s, BGP_MAX_SOFT_VERSION);
+               stream_forward_getp(s, len - BGP_MAX_SOFT_VERSION);
+               len = BGP_MAX_SOFT_VERSION;
+       } else if (len) {
                 stream_get(str, s, len);
+       }
+
+       if (len) {
                 str[len] = '\0';
  
                 XFREE(MTYPE_BGP_SOFT_VERSION, peer->soft_version);
author	Donatas Abraitis <donatas@opensourcerouting.org>
	Sun, 20 Aug 2023 18:37:25 +0000 (21:37 +0300)
committer	Mergify <37929162+mergify[bot]@users.noreply.github.com>
	Mon, 21 Aug 2023 13:34:47 +0000 (13:34 +0000)