diff options
| author | Donatas Abraitis <donatas@opensourcerouting.org> | 2025-01-02 13:10:19 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-01-02 13:10:19 +0200 |
| commit | 9f557b33096241059054c0836fb557ec421f9eb0 (patch) | |
| tree | 110fa1433c4957059920d3f47f71ca7e6d61c561 | |
| parent | ad1766d17be022587fe05ebe1a7bf10e1b7dce19 (diff) | |
| parent | 9ed1e92e1be41c2f3352278250a6f79dd9134890 (diff) | |
Merge pull request #16864 from FRRouting/mergify/bp/stable/9.1/pr-16860
ospfd: Fix heap corruption vulnerability when parsing SR-Algorithm TLV (backport #16860)
| -rw-r--r-- | ospfd/ospf_sr.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ospfd/ospf_sr.c b/ospfd/ospf_sr.c index e26fe6f53a..db7e4180f5 100644 --- a/ospfd/ospf_sr.c +++ b/ospfd/ospf_sr.c @@ -1459,7 +1459,8 @@ void ospf_sr_ri_lsa_update(struct ospf_lsa *lsa) /* Update Algorithm, SRLB and MSD if present */ if (algo != NULL) { int i; - for (i = 0; i < ntohs(algo->header.length); i++) + for (i = 0; + i < ntohs(algo->header.length) && i < ALGORITHM_COUNT; i++) srn->algo[i] = algo->value[0]; for (; i < ALGORITHM_COUNT; i++) srn->algo[i] = SR_ALGORITHM_UNSET; |