]> git.puffer.fish Git - mirror/frr.git/commit
projects / mirror / frr.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eb9e286) | patch
bgpd: fix illegal memory access in bgp_ls_tlv_check_size()
authorLouis Scalbert <louis.scalbert@6wind.com>
Thu, 28 Sep 2023 13:27:27 +0000 (15:27 +0200)
committerLouis Scalbert <louis.scalbert@6wind.com>
Thu, 28 Sep 2023 13:27:27 +0000 (15:27 +0200)
commitdae5791c446cd18d8cda93a1e578fff2cd27be10
tree3243e2c96194b347665d648d87fe23202bc99b57tree | snapshot
parenteb9e2865116777661c44963769c1a5fed764b7f9commit | diff
bgpd: fix illegal memory access in bgp_ls_tlv_check_size()

Fix illegal memory access bgp_ls_tlv_check_size() if type is 1253.

> CID 1568377 (#4 of 4): Out-of-bounds read (OVERRUN)
> 5. overrun-local: Overrunning array bgp_linkstate_tlv_infos of 1253 16-byte elements at element index 1253 (byte offset 20063) using index type (which evaluates to 1253).

Fixes: 7e0d9ff8ba ("bgpd: display link-state prefixes detail")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
bgpd/bgp_linkstate_tlv.c diff | blob | history
bgpd/bgp_linkstate_tlv.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.