bgpd: Make sure we have enough data to read two bytes when validating AIGP - matthieu/frr.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Donatas Abraitis <donatas@opensourcerouting.org>	2023-08-18 11:28:03 +0300
committer	Donatas Abraitis <donatas@opensourcerouting.org>	2023-08-20 21:26:00 +0300
commit	f96201e104892e18493f24cf67bb713678e8237b (patch)
tree	766e4bbb188922ea8a8aaebda94e7f78a2151605 /lib/csv.h
parent	1b52af80fd00e8abe3aa11fa6ccbca4f4a359353 (diff)

bgpd: Make sure we have enough data to read two bytes when validating AIGP

Found when fuzzing: ``` ==3470861==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xffff77801ef7 at pc 0xaaaaba7b3dbc bp 0xffffcff0e760 sp 0xffffcff0df50 READ of size 2 at 0xffff77801ef7 thread T0 0 0xaaaaba7b3db8 in __asan_memcpy (/home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgpd+0x363db8) (BuildId: cc710a2356e31c7f4e4a17595b54de82145a6e21) 1 0xaaaaba81a8ac in ptr_get_be16 /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/./lib/stream.h:399:2 2 0xaaaaba819f2c in bgp_attr_aigp_valid /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:504:3 3 0xaaaaba808c20 in bgp_attr_aigp /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:3275:7 4 0xaaaaba7ff4e0 in bgp_attr_parse /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:3678:10 ``` Reported-by: Iggy Frankovic <iggyfran@amazon.com> Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

Diffstat (limited to 'lib/csv.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: