From: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Sat, 4 Jan 2020 02:22:44 +0000 (-0500)
Subject: zebra: reject ingress packets that are too large
X-Git-Tag: frr-7.2.1~4^2~8
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=df365916810a3516448dc1c80e25ea0472d38871;p=mirror%2Ffrr.git

zebra: reject ingress packets that are too large

There may be logic to prevent this ever happening earlier in the network
read path, but it doesn't hurt to double check it here, because clearly
deeper paths rely on this being the case.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
---

diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
index 933a26f94a..29ee5c1be8 100644
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@@ -2540,6 +2540,14 @@ void zserv_handle_commands(struct zserv *client, struct stream *msg)
 	struct zmsghdr hdr;
 	struct zebra_vrf *zvrf;
 
+	if (STREAM_READABLE(msg) > ZEBRA_MAX_PACKET_SIZ) {
+		if (IS_ZEBRA_DEBUG_PACKET && IS_ZEBRA_DEBUG_RECV)
+			zlog_debug(
+				"ZAPI message is %zu bytes long but the maximum packet size is %u; dropping",
+				STREAM_READABLE(msg), ZEBRA_MAX_PACKET_SIZ);
+		return;
+	}
+
 	zapi_parse_header(msg, &hdr);
 
 	if (IS_ZEBRA_DEBUG_PACKET && IS_ZEBRA_DEBUG_RECV)