From: David Lamparter <equinox@diac24.net>
Date: Wed, 12 Jun 2019 21:17:26 +0000 (+0200)
Subject: bgpd: fix uninitialized & wrong endian NOTIFY
X-Git-Tag: base_7.2~221^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=6dcef54cbf8e08e6b9fde2997375818f4fb9a2e8;p=mirror%2Ffrr.git

bgpd: fix uninitialized & wrong endian NOTIFY

notify_data_remote_as4 would contain garbage if optlen == 0, and also
as4 is in host byte order while the notify needs network byte order.

Signed-off-by: David Lamparter <equinox@diac24.net>
---

diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index 655a4745cb..295e62b7cf 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -1045,7 +1045,7 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size)
 	uint16_t holdtime;
 	uint16_t send_holdtime;
 	as_t remote_as;
-	as_t as4 = 0;
+	as_t as4 = 0, as4_be;
 	struct in_addr remote_id;
 	int mp_capability;
 	uint8_t notify_data_remote_as[2];
@@ -1088,9 +1088,11 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size)
 		 * that we do not know which peer is connecting to us now.
 		 */
 		as4 = peek_for_as4_capability(peer, optlen);
-		memcpy(notify_data_remote_as4, &as4, 4);
 	}
 
+	as4_be = htonl(as4);
+	memcpy(notify_data_remote_as4, &as4_be, 4);
+
 	/* Just in case we have a silly peer who sends AS4 capability set to 0
 	 */
 	if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV) && !as4) {