| author | David Lamparter <equinox@diac24.net> | 2019-04-24 20:14:19 +0200 |
|---|---|---|
| committer | David Lamparter <equinox@diac24.net> | 2019-07-03 16:50:36 +0200 |
| commit | 1a1f453436e912da77efe0f33d8651bead0a611b (patch) | |
| tree | 3586ec41a91319ef949e650c0105cd326898967d | |
| parent | 611349b99f64a9e39e9889a46ca3dde60f68484e (diff) | |
bgpd: fix last_reset_cause setup
last_reset_cause_size is the length *used* in last_reset_cause[]. It's
straight up used wrong here; we're saving off a reset cause and need to
check against the *available* size in last_reset_cause[].
This could actually have led to (hopefully rare) crashes in the assert
there, since the assert condition might fail incorrectly.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
| -rw-r--r-- | bgpd/bgp_packet.c | 4 | ||||
| -rw-r--r-- | bgpd/bgpd.h | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c index 5654fe5329..9a836f2215 100644 --- a/bgpd/bgp_packet.c +++ b/bgpd/bgp_packet.c @@ -681,9 +681,9 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, * in place because we are sometimes called with a doppelganger peer, * who tends to have a plethora of fields nulled out. */ - if (peer->curr && peer->last_reset_cause_size) { + if (peer->curr) { size_t packetsize = stream_get_endp(peer->curr); - assert(packetsize <= peer->last_reset_cause_size); + assert(packetsize <= sizeof(peer->last_reset_cause)); memcpy(peer->last_reset_cause, peer->curr->data, packetsize); peer->last_reset_cause_size = packetsize; } diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h index 4bce73898f..8bdc0099ae 100644 --- a/bgpd/bgpd.h +++ b/bgpd/bgpd.h @@ -1153,7 +1153,7 @@ struct peer { unsigned long weight[AFI_MAX][SAFI_MAX]; /* peer reset cause */ - char last_reset; + uint8_t last_reset; #define PEER_DOWN_RID_CHANGE 1 /* bgp router-id command */ #define PEER_DOWN_REMOTE_AS_CHANGE 2 /* neighbor remote-as command */ #define PEER_DOWN_LOCAL_AS_CHANGE 3 /* neighbor local-as command */ @@ -1180,7 +1180,7 @@ struct peer { #define PEER_DOWN_BFD_DOWN 24 /* BFD down */ #define PEER_DOWN_IF_DOWN 25 /* Interface down */ #define PEER_DOWN_NBR_ADDR_DEL 26 /* Peer address lost */ - unsigned long last_reset_cause_size; + size_t last_reset_cause_size; uint8_t last_reset_cause[BGP_MAX_PACKET_SIZE]; /* The kind of route-map Flags.*/ |
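Review bot: In the `bgp_notify_send_with_data` hunk, the only bound on the `memcpy` into the fixed-size `peer->last_reset_cause` is `assert(packetsize <= sizeof(peer->last_reset_cause))`. A `peer->curr` stream longer than the array would therefore abort bgpd rather than be handled, and the copy would be unchecked in any build where the assert is compiled out (whether this tree allows that is not visible here). The commit message describes these bytes as a saved copy of the reset cause, so truncating is a safer failure mode than crashing: `if (packetsize > sizeof(peer->last_reset_cause)) packetsize = sizeof(peer->last_reset_cause);` placed before the `memcpy`. A one-line comment there, such as `/* last_reset_cause_size is bytes used; the capacity is sizeof(last_reset_cause) */`, would keep the two from being confused again. The function body begins and ends outside the hunk, so any earlier limit on the stream length cannot be confirmed from here.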
