From: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Mon, 11 Feb 2019 16:36:09 +0000 (+0000)
Subject: vrrpd: allow creation of adverts with no addresses
X-Git-Tag: base_7.2~330^2~95
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=3d55d46721183994a5cbabe049b890a55c8dfef0;p=matthieu%2Ffrr.git

vrrpd: allow creation of adverts with no addresses

Fuzz testing revealed a crash in which VRRPD tries to create an
advertisement packet with no IP addresses. Should never occur under
normal use but might as well patch.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
---

diff --git a/vrrpd/vrrp_packet.c b/vrrpd/vrrp_packet.c
index 903bb3ae6c..7dcb2933f8 100644
--- a/vrrpd/vrrp_packet.c
+++ b/vrrpd/vrrp_packet.c
@@ -107,12 +107,17 @@ ssize_t vrrp_pkt_adver_build(struct vrrp_pkt **pkt, struct ipaddr *src,
 			     uint16_t max_adver_int, uint8_t numip,
 			     struct ipaddr **ips)
 {
-	bool v6 = IS_IPADDR_V6(ips[0]);
+	bool v6 = false;
+	size_t addrsz = 0;
 
 	assert(version >= 2 && version <= 3);
 	assert(!(version == 2 && v6));
 
-	size_t addrsz = IPADDRSZ(ips[0]);
+	if (numip > 0) {
+		v6 = IS_IPADDR_V6(ips[0]);
+		addrsz = IPADDRSZ(ips[0]);
+	}
+
 	size_t pktsize = VRRP_PKT_SIZE(v6 ? AF_INET6 : AF_INET, numip);
 	*pkt = XCALLOC(MTYPE_VRRP_PKT, pktsize);