From: Francois Dumontet <francois.dumontet@6wind.com>
Date: Mon, 13 Nov 2023 13:44:19 +0000 (+0100)
Subject: bgpd: fix coverity issue in bgp_snmp_bgp4v2.c
X-Git-Tag: base_10.0~283^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=0a988bd114cdf143fe301e3056189c095a2cc6f5;p=matthieu%2Ffrr.git

bgpd: fix coverity issue in bgp_snmp_bgp4v2.c

CID 1570969 Overrun
/bgpd/bgp_snmp_bgp4v2.c: 534 in bgp4v2PathAttrLookup()
/bgpd/bgp_snmp_bgp4v2.c: 575 in bgp4v2PathAttrLookup()
/bgpd/bgp_snmp_bgp4v2.c: 514 in bgp4v2PathAttrLookup()

>>>     CID 1570969:    (OVERRUN)
>>>     Overrunning array "bgp->rib" of 4 64-byte elements at element index 4 (byte offset 319) using index "afi" (which evaluates to 4).

Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
---

diff --git a/bgpd/bgp_snmp_bgp4v2.c b/bgpd/bgp_snmp_bgp4v2.c
index 34d07a09a5..3b499271c8 100644
--- a/bgpd/bgp_snmp_bgp4v2.c
+++ b/bgpd/bgp_snmp_bgp4v2.c
@@ -452,6 +452,7 @@ bgp4v2PathAttrLookup(struct variable *v, oid name[], size_t *length,
 		return NULL;
 	afi = afi_iana2int(name[namelen - 1]);
 	afi_len = afi == AFI_IP ? IN_ADDR_SIZE : IN6_ADDR_SIZE;
+	assert(IS_VALID_AFI(afi));
 
 #define BGP_NLRI_ENTRY_OFFSET namelen