From 871b46e7eb86009f1bea3cf397a8d2c38ceacd40 Mon Sep 17 00:00:00 2001
From: Olivier Dugeon
Date: Fri, 21 Apr 2023 18:09:28 +0200
Subject: [PATCH] lib: Link State memory corruption

In function ls_find_subnet(), prefix argument is directly copied into subnet.key structure to find corresponding subnet in RB Tree. This could leadr to a memory corruption. Function prefix_copy() must be used instead. This patch replaces the direct prefix copy by a call to prefix_copy() function to avoid this memory issue.

Signed-off-by: Olivier Dugeon
---
 lib/link_state.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/link_state.c b/lib/link_state.c
index 0aba021b1a..c06a42b64e 100644
--- a/lib/link_state.c
+++ b/lib/link_state.c
@@ -947,7 +947,10 @@ struct ls_subnet *ls_find_subnet(struct ls_ted *ted,
 {
 struct ls_subnet subnet = {};

- subnet.key = *prefix;
+ if (!prefix)
+ return NULL;
+
+ prefix_copy(&subnet.key, prefix);

 return subnets_find(&ted->subnets, &subnet);
 }
--
2.39.5
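Review bot: The `prefix_copy()` call that replaces `subnet.key = *prefix;` has no comment saying why a plain struct assignment is unsafe here, so a later cleanup could quietly revert it. Presumably the problem is that callers may pass a pointer to a smaller, family-specific prefix object while the assignment copies the full `struct prefix`; if that is the case, a comment such as `/* prefix may point to a smaller family-specific struct: copy by family, never by struct assignment */` above the call would record it. The new `if (!prefix) return NULL;` also makes an invalid argument indistinguishable from "subnet not found", and `ted` is still dereferenced in `&ted->subnets` without an equivalent check, so it is worth confirming that no caller passes a NULL `ted`. The function's signature starts above the hunk, so the parameter declarations are not visible here.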