diff options
| author | Donatas Abraitis <donatas@opensourcerouting.org> | 2024-06-13 09:00:21 +0300 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-06-25 11:27:43 +0000 |
| commit | c01d60b037f0417ff1515dee5652f4115cc88ed5 (patch) | |
| tree | 2ff46bd15c147e40e6c55cea239a67d906e1946b | |
| parent | c105f9acd97b37463d8c8bbefc064e1f7a28ec16 (diff) | |
bgpd: Check if we have real stream data for tunnel encapsulation sub-tlvs
When the packet is malformed it can use whatever values it wants. Let's check
what the real data we have in a stream instead of relying on malformed values.
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 9929486d6bdb28469a5b626a17d5bc9991c83ce3)
| -rw-r--r-- | bgpd/bgp_attr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index 9f377589e9..18c7b13535 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -2721,7 +2721,7 @@ static int bgp_attr_encap(struct bgp_attr_parser_args *args) } } - while (length >= 4) { + while (STREAM_READABLE(BGP_INPUT(peer)) >= 4) { uint16_t subtype = 0; uint16_t sublength = 0; struct bgp_attr_encap_subtlv *tlv; |