diff options
| author | Donald Sharp <donaldsharp72@gmail.com> | 2023-08-21 13:18:58 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-21 13:18:58 -0400 |
| commit | d8238e90ab8380955a057ef036caa811ab572092 (patch) | |
| tree | 5c96d72f7ece5d90f7ff582062ee9ed26357e5d4 | |
| parent | 7a4b91533bc2d3c0dcc7879e8a3bbeff0da31ec7 (diff) | |
| parent | 73ad93a83f18564bb7bff4659872f7ec1a64b05e (diff) | |
Merge pull request #14250 from FRRouting/mergify/bp/stable/9.0/pr-14241
bgpd: Check the length of the rcv software version (backport #14241)
| -rw-r--r-- | bgpd/bgp_open.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c index 0dd5463979..e7e3c2191a 100644 --- a/bgpd/bgp_open.c +++ b/bgpd/bgp_open.c @@ -940,8 +940,18 @@ static int bgp_capability_software_version(struct peer *peer, return -1; } - if (len) { + if (len > BGP_MAX_SOFT_VERSION) { + flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH, + "%s: Received Software Version, but the length is too big, truncating, from peer %s", + __func__, peer->host); + stream_get(str, s, BGP_MAX_SOFT_VERSION); + stream_forward_getp(s, len - BGP_MAX_SOFT_VERSION); + len = BGP_MAX_SOFT_VERSION; + } else if (len) { stream_get(str, s, len); + } + + if (len) { str[len] = '\0'; XFREE(MTYPE_BGP_SOFT_VERSION, peer->soft_version); |