From 099111efa997efa69596cff9b3a598464fc854cf Mon Sep 17 00:00:00 2001
From: Christian Franke <nobody@nowhere.ws>
Date: Tue, 14 Jun 2016 20:07:00 +0200
Subject: [PATCH] bgpd: fix off-by-one in attribute flags handling

bgp_attr_flag_invalid can access beyond the last element of attr_flags_values.
Fix this by initializing attr_flags_values_max to the correct value.

Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
---
 bgpd/bgp_attr.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index a366a09453..89b1c75f6b 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -1143,8 +1143,7 @@ const u_int8_t attr_flags_values [] = {
   [BGP_ATTR_AS4_PATH] =         BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
   [BGP_ATTR_AS4_AGGREGATOR] =   BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
 };
-static const size_t attr_flags_values_max =
-  sizeof (attr_flags_values) / sizeof (attr_flags_values[0]);
+static const size_t attr_flags_values_max = array_size(attr_flags_values) - 1;
 
 static int
 bgp_attr_flag_invalid (struct bgp_attr_parser_args *args)
-- 
2.39.5