| author | Donatas Abraitis <donatas.abraitis@gmail.com> | 2020-04-07 09:47:28 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-07 09:47:28 +0300 |
| commit | 7611871dfc447bc56f6b4e7c2937f0583ebf000f (patch) | |
| tree | b208e4bfe0d0859216fa8a5a9bff29ffa8337a6a | |
| parent | 6b1d9f37ec25399bbbb0bfc1c2e33d35877b5c35 (diff) | |
| parent | 33ba22c24874b12916c4ea0fc57e9e188ce7c18d (diff) | |
Merge pull request #6167 from qlyoung/fix-cluster-list-uaf
bgpd: treat 0-length cluster_list as withdraw
| -rw-r--r-- | bgpd/bgp_attr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index b3944e5f28..47d9d3ad35 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -1894,7 +1894,7 @@ bgp_attr_cluster_list(struct bgp_attr_parser_args *args) * malformed, the UPDATE message SHALL be handled using the approach * of "treat-as-withdraw". */ - if (length % 4) { + if (length == 0 || length % 4) { flog_err(EC_BGP_ATTR_LEN, "Bad cluster list length %d", length); return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR, |
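Review bot: the new `length == 0` arm of the check in bgp_attr_cluster_list() has no explanation. The visible part of the comment above it only covers the malformed-attribute, treat-as-withdraw case, and the commit subject says what is done but not why. The branch name (fix-cluster-list-uaf) points at a use-after-free, so add a sentence to the comment saying that an empty CLUSTER_LIST is rejected here and which later code path cannot handle it, so that the check is not removed later as redundant. The log line will also read "Bad cluster list length 0" for this case; a distinct message for the empty list would make that case easier to pick out in logs. A regression test that feeds an UPDATE with a zero-length CLUSTER_LIST attribute would pin the behaviour down.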
