| author | Donatas Abraitis <donatas@opensourcerouting.org> | 2023-08-20 21:37:25 +0300 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2023-08-21 13:34:47 +0000 |
| commit | 73ad93a83f18564bb7bff4659872f7ec1a64b05e (patch) | |
| tree | 5c96d72f7ece5d90f7ff582062ee9ed26357e5d4 | |
| parent | 7a4b91533bc2d3c0dcc7879e8a3bbeff0da31ec7 (diff) | |
bgpd: Check the length of the rcv software version
Make sure we don't exceed the maximum of BGP_MAX_SOFT_VERSION.
The Capability Length SHOULD be no greater than 64.
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit b4d09af9194d20a7f9f16995a062f5d8e3d32840)
| -rw-r--r-- | bgpd/bgp_open.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c index 0dd5463979..e7e3c2191a 100644 --- a/bgpd/bgp_open.c +++ b/bgpd/bgp_open.c @@ -940,8 +940,18 @@ static int bgp_capability_software_version(struct peer *peer, return -1; } - if (len) { + if (len > BGP_MAX_SOFT_VERSION) { + flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH, + "%s: Received Software Version, but the length is too big, truncating, from peer %s", + __func__, peer->host); + stream_get(str, s, BGP_MAX_SOFT_VERSION); + stream_forward_getp(s, len - BGP_MAX_SOFT_VERSION); + len = BGP_MAX_SOFT_VERSION; + } else if (len) { stream_get(str, s, len); + } + + if (len) { str[len] = '\0'; XFREE(MTYPE_BGP_SOFT_VERSION, peer->soft_version); |
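Review bot: In the new `len > BGP_MAX_SOFT_VERSION` branch, `len` is clamped to `BGP_MAX_SOFT_VERSION` and the following `str[len] = '\0';` then writes at index `BGP_MAX_SOFT_VERSION`, so `str` must hold at least `BGP_MAX_SOFT_VERSION + 1` bytes. The declaration of `str` is outside this hunk, so please confirm its size, or add a compile-time check or a comment next to the clamp so the dependency is visible to the next person touching this function. Second, the `flog_warn` message names the peer but not the length that was received; adding `len` (and the limit) to the format string would make the log entry usable for triage when a peer sends an oversized Software Version capability. A short code comment tying `BGP_MAX_SOFT_VERSION` to the "SHOULD be no greater than 64" rule quoted in the commit message would also help, since the hunk itself does not say where the limit comes from.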
