diff options
| author | Donatas Abraitis <donatas@opensourcerouting.org> | 2023-08-30 17:29:11 +0300 |
|---|---|---|
| committer | Donatas Abraitis <donatas@opensourcerouting.org> | 2023-08-30 17:29:11 +0300 |
| commit | 7d5873cdc46b51196f12181dae6069a15fb87d67 (patch) | |
| tree | 6d3a34172662deaf3ec12a576853a9b6e02ed69a | |
| parent | 23fa9b4107e415113525987a66b1677dcafac743 (diff) | |
bgpd: Make sure we have enough data to read restart time and flags for GR cap
Just a safety check to avoid out of bound reading.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
| -rw-r--r-- | bgpd/bgp_packet.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c index 97a68626e4..f59fd0a615 100644 --- a/bgpd/bgp_packet.c +++ b/bgpd/bgp_packet.c @@ -2817,8 +2817,15 @@ static void bgp_dynamic_capability_graceful_restart(uint8_t *pnt, int action, uint16_t gr_restart_flag_time; uint8_t *data = pnt + 3; uint8_t *end = pnt + hdr->length; + size_t len = end - data; if (action == CAPABILITY_ACTION_SET) { + if (len < sizeof(gr_restart_flag_time)) { + zlog_err("%pBP: Received invalid Graceful-Restart capability length %d", + peer, hdr->length); + return; + } + SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV); ptr_get_be16(data, &gr_restart_flag_time); data += sizeof(gr_restart_flag_time); |