#include "ospfd/ospf_route.h"
#include "ospfd/ospf_zebra.h"
#include "ospfd/ospf_api.h"
+#include "ospfd/ospf_errors.h"
#include "ospf_apiclient.h"
{
struct msg_lsa_change_notify *cn;
struct lsa_header *lsa;
- int lsalen;
+ uint16_t lsalen;
cn = (struct msg_lsa_change_notify *)STREAM_DATA(msg->s);
/* Extract LSA from message */
lsalen = ntohs(cn->data.length);
+ if (lsalen > OSPF_MAX_LSA_SIZE) {
+ flog_warn(
+ EC_OSPF_LARGE_LSA,
+ "%s: message received size: %d is greater than a LSA size: %d",
+ __func__, lsalen, OSPF_MAX_LSA_SIZE);
+ return;
+ }
lsa = XMALLOC(MTYPE_OSPF_APICLIENT, lsalen);
memcpy(lsa, &(cn->data), lsalen);
{
struct msg_lsa_change_notify *cn;
struct lsa_header *lsa;
- int lsalen;
+ uint16_t lsalen;
cn = (struct msg_lsa_change_notify *)STREAM_DATA(msg->s);
/* Extract LSA from message */
lsalen = ntohs(cn->data.length);
+ if (lsalen > OSPF_MAX_LSA_SIZE) {
+ flog_warn(
+ EC_OSPF_LARGE_LSA,
+ "%s: message received size: %d is greater than a LSA size: %d",
+ __func__, lsalen, OSPF_MAX_LSA_SIZE);
+ return;
+ }
lsa = XMALLOC(MTYPE_OSPF_APICLIENT, lsalen);
memcpy(lsa, &(cn->data), lsalen);
projects / mirror / frr.git / commitdiff