From b5bb70e3779f4e9dcf93edc64c7c47bda533bcd7 Mon Sep 17 00:00:00 2001
From: Igor Ryzhov <iryzhov@nfware.com>
Date: Fri, 6 Aug 2021 17:09:46 +0300
Subject: [PATCH] bgpd: add protection against too large opaque data structure

BGP opaque data shouldn't be larger than zebra's buffer.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
---
 lib/route_opaque.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/route_opaque.h b/lib/route_opaque.h
index fd4e3d5891..7c4e9a16e1 100644
--- a/lib/route_opaque.h
+++ b/lib/route_opaque.h
@@ -21,6 +21,9 @@
 #ifndef FRR_ROUTE_OPAQUE_H
 #define FRR_ROUTE_OPAQUE_H
 
+#include "assert.h"
+#include "zclient.h"
+
 #include "bgpd/bgp_aspath.h"
 #include "bgpd/bgp_community.h"
 #include "bgpd/bgp_lcommunity.h"
@@ -35,4 +38,7 @@ struct bgp_zebra_opaque {
 	char lcommunity[LCOMMUNITY_SIZE * 30];
 };
 
+static_assert(sizeof(struct bgp_zebra_opaque) <= ZAPI_MESSAGE_OPAQUE_LENGTH,
+              "BGP opaque data shouldn't be larger than zebra's buffer");
+
 #endif /* FRR_ROUTE_OPAQUE_H */
-- 
2.39.5