From: paco <paco@voltanet.io>
Date: Mon, 25 Jun 2018 13:25:26 +0000 (+0200)
Subject: pimd: untrusted argument (2) (Coverity 1465491)
X-Git-Tag: frr-6.1-dev~253^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=d94023d85c1682ae14def9d50f2474e8e6290e44;p=matthieu%2Ffrr.git

pimd: untrusted argument (2) (Coverity 1465491)

Additional fix over 18e994a0437cfba9f4c09bd62293e13e49ea774b (PR #2457)

Previous correction was not enough for fixing the Coverity warning. Now we
ensure we don't overflow the buffer.

Signed-off-by: F. Aragon <paco@voltanet.io>
---

diff --git a/pimd/mtracebis.c b/pimd/mtracebis.c
index c63a6eeca9..a0e8fd1270 100644
--- a/pimd/mtracebis.c
+++ b/pimd/mtracebis.c
@@ -303,6 +303,9 @@ static int recv_response(int fd, int *hops, struct igmp_mtrace *mtracer)
 	if (mtrace_len < (int)MTRACE_HDR_SIZE)
 		return -1;
 
+	if (mtrace_len > (int)MTRACE_BUF_LEN)
+		return -1;
+
 	sum = mtrace->checksum;
 	mtrace->checksum = 0;
 	if (sum != in_cksum(mtrace, mtrace_len)) {