zebra: Fix incorrect reading of REMOTE_VTEP_[ADD|DEL]

With flooding control added recently we were not properly handling
the new flood control parameter in zebra_vxlan.c handler functions.
The error message that was being repeatedly seen:

2019/05/01 00:47:32 ZEBRA: [EC 100663311] stream_get2: Attempt to get out of bounds
2019/05/01 00:47:32 ZEBRA: [EC 100663311] &(struct stream): 0x7f0f04001740, size: 22, getp: 22, endp: 22

The fix was to ensure that both the _add and _del functions kept proper
sizing of amount of data read *and* the _del function was not
reading the flood_control data from the stream.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

diff --git a/zebra/zebra_vxlan.c b/zebra/zebra_vxlan.c
index a2e21713045fd9a2e43749d718430b9e405751b6..525ead5a0dfcee50cbdef3ca408cf7f0fcb6950d 100644 (file)
--- a/zebra/zebra_vxlan.c
+++ b/zebra/zebra_vxlan.c
@@ -7858,12 +7858,18 @@ void zebra_vxlan_remote_vtep_del(ZAPI_HANDLER_ARGS)
        s = msg;
 
        while (l < hdr->length) {
+               int flood_control;
+
                /* Obtain each remote VTEP and process. */
                STREAM_GETL(s, vni);
                l += 4;
                STREAM_GET(&vtep_ip.s_addr, s, IPV4_MAX_BYTELEN);
                l += IPV4_MAX_BYTELEN;
 
+               /* Flood control is intentionally ignored right now */
+               STREAM_GETL(s, flood_control);
+               l += 4;
+
                if (IS_ZEBRA_DEBUG_VXLAN)
                        zlog_debug("Recv VTEP_DEL %s VNI %u from %s",
                                   inet_ntoa(vtep_ip), vni,
@@ -7949,7 +7955,7 @@ void zebra_vxlan_remote_vtep_add(ZAPI_HANDLER_ARGS)
                l += 4;
                STREAM_GET(&vtep_ip.s_addr, s, IPV4_MAX_BYTELEN);
                STREAM_GETL(s, flood_control);
-               l += IPV4_MAX_BYTELEN;
+               l += IPV4_MAX_BYTELEN + 4;
 
                if (IS_ZEBRA_DEBUG_VXLAN)
                        zlog_debug("Recv VTEP_ADD %s VNI %u flood %d from %s",