pimd: When receiving a packet be more careful with length in pim_pim_packet

a) If the length passed is the header length then it is possible that
assignment of data will happen without data actually existing.

b) Just move the assignment to after we ensure that the pim packet
received is the minimum possible length that can be received.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 3163c64d2893b5411d299952ff16dfc05e2c7a86)

diff --git a/pimd/pim_pim.c b/pimd/pim_pim.c
index 6a926fae86af9cab46c993bc5e6473fc707fcfcb..9c90846b6150a80edd9a16991fbb081a97019254 100644 (file)
--- a/pimd/pim_pim.c
+++ b/pimd/pim_pim.c
@@ -168,7 +168,7 @@ int pim_pim_packet(struct interface *ifp, uint8_t *buf, size_t len,
        bool   no_fwd;
 
 #if PIM_IPV == 4
-       if (len < sizeof(*ip_hdr)) {
+       if (len <= sizeof(*ip_hdr)) {
                if (PIM_DEBUG_PIM_PACKETS)
                        zlog_debug(
                                "PIM packet size=%zu shorter than minimum=%zu",
@@ -202,7 +202,6 @@ int pim_pim_packet(struct interface *ifp, uint8_t *buf, size_t len,
        iovp->iov_len = pim_msg_len;
        iovp++;
 
-       header = (struct pim_msg_header *)pim_msg;
        if (pim_msg_len < PIM_PIM_MIN_LEN) {
                if (PIM_DEBUG_PIM_PACKETS)
                        zlog_debug(
@@ -210,6 +209,7 @@ int pim_pim_packet(struct interface *ifp, uint8_t *buf, size_t len,
                                pim_msg_len, PIM_PIM_MIN_LEN);
                return -1;
        }
+       header = (struct pim_msg_header *)pim_msg;
 
        if (header->ver != PIM_PROTO_VERSION) {
                if (PIM_DEBUG_PIM_PACKETS)