zebra: Ensure stream is long enough

author Donald Sharp <sharpd@nvidia.com>

Wed, 11 Aug 2021 12:00:03 +0000 (08:00 -0400)

committer Donald Sharp <sharpd@nvidia.com>

Thu, 12 Aug 2021 19:29:47 +0000 (15:29 -0400)
author Donald Sharp <sharpd@nvidia.com>
Wed, 11 Aug 2021 12:00:03 +0000 (08:00 -0400)
committer Donald Sharp <sharpd@nvidia.com>
Thu, 12 Aug 2021 19:29:47 +0000 (15:29 -0400)
diff --git a/zebra/zebra_evpn_mh.c b/zebra/zebra_evpn_mh.c

index f0d4d2b8c971d6844cc7f85d58080b0e59b1acb2..c0cc57fc69eb0ada572b3e41aa852013bddad166 100644 (file)
--- a/zebra/zebra_evpn_mh.c
+++ b/zebra/zebra_evpn_mh.c
@@ -3920,8 +3920,18 @@ void zebra_evpn_proc_remote_nh(ZAPI_HANDLER_ARGS)
         struct ipaddr nh;
         struct ethaddr rmac;
         struct prefix_evpn dummy_prefix;
+       size_t min_len = 4 + sizeof(nh);
  
         s = msg;
+
+       /*
+        * Ensure that the stream sent to us is long enough
+        */
+       if (hdr->command == ZEBRA_EVPN_REMOTE_NH_ADD)
+               min_len += sizeof(rmac);
+       if (hdr->length < min_len)
+               return;
+
         vrf_id = stream_getl(s);
         stream_get(&nh, s, sizeof(nh));
author	Donald Sharp <sharpd@nvidia.com>
	Wed, 11 Aug 2021 12:00:03 +0000 (08:00 -0400)
committer	Donald Sharp <sharpd@nvidia.com>
	Thu, 12 Aug 2021 19:29:47 +0000 (15:29 -0400)