Valid range for hashmasklen is 0-32 under IPv4; failure to validate this
results in a negative bitshift later
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
bshdr = (struct bsm_hdr *)(buf + PIM_MSG_HEADER_LEN);
pim_inet4_dump("<bsr?>", bshdr->bsr_addr.addr, bsr_str,
sizeof(bsr_str));
+ if (bshdr->hm_len > 32) {
+ zlog_warn("Bad hashmask length for IPv4; got %" PRIu8
+ ", expected value in range 0-32",
+ bshdr->hm_len);
+ pim->bsm_dropped++;
+ return -1;
+ }
pim->global_scope.hashMasklen = bshdr->hm_len;
frag_tag = ntohs(bshdr->frag_tag);
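Review bot: The new warning under `if (bshdr->hm_len > 32)` does not identify which BSR sent the malformed message, although `bsr_str` was filled in by the `pim_inet4_dump` call just above; including it (`"Bad hashmask length for IPv4 from BSR %s; got %" PRIu8 ", expected value in range 0-32", bsr_str, bshdr->hm_len`) lets an operator trace the source when `bsm_dropped` climbs. The message is also emitted through `zlog_warn` for every offending packet, so a sender that keeps repeating the bad value can fill the log; if the other drop paths in this function are debug-gated or rate-limited, this one should match them, which cannot be confirmed from the hunk. The literal `32` could be written as `IPV4_MAX_BITLEN` from lib/prefix.h so the bound is named. The enclosing function starts and ends outside the hunk, so whether the buffer length is checked against `PIM_MSG_HEADER_LEN + sizeof(struct bsm_hdr)` before the `bshdr` cast is not visible here and is worth verifying.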