From d2b6417bd6f91cdc614c3bf983370c030f03642b Mon Sep 17 00:00:00 2001
From: Donald Sharp
Date: Fri, 3 Nov 2017 15:25:31 -0400
Subject: [PATCH] bgpd: Prevent infinite loop when reading capabilities

If the user has configured the ability to override the capabilities or if the afi/safi passed as part of the _MP capability is not understood, then we can enter into an infinite loop as part of the capability parsing.

Signed-off-by: Donald Sharp
---
 bgpd/bgp_packet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index a66d0590c9..79ce550a38 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -2011,6 +2011,7 @@ static int bgp_capability_msg_parse(struct peer *peer, u_char *pnt,
 /* Fetch structure to the byte stream. */
 memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data));
+ pnt += hdr->length + 3;
 /* We know MP Capability Code. */
 if (hdr->code == CAPABILITY_CODE_MP) {
@@ -2063,7 +2064,6 @@ static int bgp_capability_msg_parse(struct peer *peer, u_char *pnt,
 "%s unrecognized capability code: %d - ignored",
 peer->host, hdr->code);
 }
- pnt += hdr->length + 3;
 }
 return 0;
 }
--
2.39.5
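Review bot: The `memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data))` just above the relocated advance copies a fixed-size structure for every capability code, and nothing visible in this hunk checks that `hdr->length` is at least that size, so a peer-supplied capability with a short length could make the copy read past its own payload (and possibly past the end of the message, depending on bounds checks outside the hunk). If no such check exists earlier in the loop, add one before the copy, e.g. `if (hdr->length < sizeof(struct capability_mp_data)) return -1;` or whatever error path the function already uses. The moved `pnt += hdr->length + 3;` also deserves a one-line comment such as `/* Advance now so every 'continue' below still consumes this capability. */`, since its position ahead of the dispatch is what keeps the loop from stalling. The loop body begins and ends outside the hunk, so any later use of `pnt` that expects it to still point at the current capability should be re-checked.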