From e316f9ab5a47582b33724520e33376957d36ed66 Mon Sep 17 00:00:00 2001
From: Christian Franke <chris@opensourcerouting.org>
Date: Thu, 12 Nov 2015 14:09:08 +0100
Subject: [PATCH] isisd: don't corrupt memory for long hostnames

Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
---
 isisd/isis_lsp.c | 13 ++++++++++---
 isisd/isis_tlv.h |  2 ++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
index 82554d13ce..2482b126c8 100644
--- a/isisd/isis_lsp.c
+++ b/isisd/isis_lsp.c
@@ -1222,12 +1222,19 @@ lsp_build (struct isis_lsp *lsp, struct isis_area *area)
   /* Dynamic Hostname */
   if (area->dynhostname)
     {
+      const char *hostname = unix_hostname();
+      size_t hostname_len = strlen(hostname);
+
       lsp->tlv_data.hostname = XMALLOC (MTYPE_ISIS_TLV,
 					sizeof (struct hostname));
 
-      memcpy (lsp->tlv_data.hostname->name, unix_hostname (),
-	      strlen (unix_hostname ()));
-      lsp->tlv_data.hostname->namelen = strlen (unix_hostname ());
+      strncpy((char *)lsp->tlv_data.hostname->name, hostname,
+              sizeof(lsp->tlv_data.hostname->name));
+      if (hostname_len <= MAX_TLV_LEN)
+        lsp->tlv_data.hostname->namelen = hostname_len;
+      else
+        lsp->tlv_data.hostname->namelen = MAX_TLV_LEN;
+
       tlv_add_dynamic_hostname (lsp->tlv_data.hostname, lsp->pdu);
     }
 
diff --git a/isisd/isis_tlv.h b/isisd/isis_tlv.h
index e092f4d6d2..f5b59a7963 100644
--- a/isisd/isis_tlv.h
+++ b/isisd/isis_tlv.h
@@ -112,6 +112,8 @@
 
 #define AUTH_INFO_HDRLEN          3
 
+#define MAX_TLV_LEN 255
+
 #define IS_NEIGHBOURS_LEN (ISIS_SYS_ID_LEN + 5)
 #define LAN_NEIGHBOURS_LEN 6
 #define LSP_ENTRIES_LEN (10 + ISIS_SYS_ID_LEN)	/* FIXME: should be entry */
-- 
2.39.5