From: Igor Ryzhov <iryzhov@nfware.com>
Date: Fri, 6 Aug 2021 14:09:46 +0000 (+0300)
Subject: bgpd: add protection against too large opaque data structure
X-Git-Tag: base_8.1~231^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=refs%2Fpull%2F9313%2Fhead;p=mirror%2Ffrr.git

bgpd: add protection against too large opaque data structure

BGP opaque data shouldn't be larger than zebra's buffer.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
---

diff --git a/lib/route_opaque.h b/lib/route_opaque.h
index fd4e3d5891..7c4e9a16e1 100644
--- a/lib/route_opaque.h
+++ b/lib/route_opaque.h
@@ -21,6 +21,9 @@
 #ifndef FRR_ROUTE_OPAQUE_H
 #define FRR_ROUTE_OPAQUE_H
 
+#include "assert.h"
+#include "zclient.h"
+
 #include "bgpd/bgp_aspath.h"
 #include "bgpd/bgp_community.h"
 #include "bgpd/bgp_lcommunity.h"
@@ -35,4 +38,7 @@ struct bgp_zebra_opaque {
 	char lcommunity[LCOMMUNITY_SIZE * 30];
 };
 
+static_assert(sizeof(struct bgp_zebra_opaque) <= ZAPI_MESSAGE_OPAQUE_LENGTH,
+              "BGP opaque data shouldn't be larger than zebra's buffer");
+
 #endif /* FRR_ROUTE_OPAQUE_H */