path: root/pceplib/pcep_msg_objects_encoding.c
author: Donatas Abraitis <donatas@opensourcerouting.org> 2023-08-18 11:28:03 +0300
committer: Mergify <37929162+mergify[bot]@users.noreply.github.com> 2023-08-24 11:44:44 +0000
commit: 460ee930d6dbce6e96ecbfcd568a291f31bae24e (patch)
tree: 0619a8a17cea1e95ffed74c3e9b36257aa3fd159 /pceplib/pcep_msg_objects_encoding.c
parent: 9993bc19ad9ff7d1e873ac9070e9fb2367b97919 (diff)
bgpd: Make sure we have enough data to read two bytes when validating AIGP
Found when fuzzing:

```
==3470861==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xffff77801ef7 at pc 0xaaaaba7b3dbc bp 0xffffcff0e760 sp 0xffffcff0df50
READ of size 2 at 0xffff77801ef7 thread T0
    0 0xaaaaba7b3db8 in __asan_memcpy (/home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgpd+0x363db8) (BuildId: cc710a2356e31c7f4e4a17595b54de82145a6e21)
    1 0xaaaaba81a8ac in ptr_get_be16 /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/./lib/stream.h:399:2
    2 0xaaaaba819f2c in bgp_attr_aigp_valid /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:504:3
    3 0xaaaaba808c20 in bgp_attr_aigp /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:3275:7
    4 0xaaaaba7ff4e0 in bgp_attr_parse /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:3678:10
```

Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit f96201e104892e18493f24cf67bb713678e8237b)
Diffstat (limited to 'pceplib/pcep_msg_objects_encoding.c')
0 files changed, 0 insertions, 0 deletions
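
The bug class named in the commit message, a 2-byte length read with fewer than two bytes left in the attribute, shown as an added example; this is not FRR's code and not the patch from this commit. The function name, constants and sample buffers are hypothetical, and the TLV layout (1-byte type, 2-byte big-endian length covering the whole TLV, metric TLV of type 1 and length 11) is assumed from RFC 7311 rather than taken from this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AIGP_TLV_HDR_LEN     3   /* 1-byte type + 2-byte length (assumed, RFC 7311) */
#define AIGP_TLV_TYPE_METRIC 1
#define AIGP_TLV_METRIC_LEN  11  /* header + 8-byte metric value */

/* Big-endian 16-bit read; the caller must guarantee two readable bytes. */
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk every TLV in an AIGP attribute body of `length` bytes.
 * Returns true only if each TLV is well-formed and a metric TLV is present
 * (requiring a metric TLV is a policy choice of this example). */
bool aigp_attr_valid(const uint8_t *data, size_t length)
{
    size_t off = 0;
    bool seen_metric = false;

    while (off < length) {
        size_t remaining = length - off;
        /* Without this check, get_be16() below reads past the buffer when
         * only 1 or 2 bytes remain: the "READ of size 2" ASan reports. */
        if (remaining < AIGP_TLV_HDR_LEN)
            return false;
        uint8_t type = data[off];
        uint16_t tlv_len = get_be16(data + off + 1);
        /* A length below the header size would stall or rewind the walk;
         * a length above `remaining` would overrun the attribute. */
        if (tlv_len < AIGP_TLV_HDR_LEN || tlv_len > remaining)
            return false;
        if (type == AIGP_TLV_TYPE_METRIC) {
            if (tlv_len != AIGP_TLV_METRIC_LEN)
                return false;
            seen_metric = true;
        }
        off += tlv_len;
    }
    return seen_metric;
}

/* Constructed samples: one valid metric TLV, then the same TLV plus a stray byte. */
static const uint8_t sample_ok[] = {1, 0, 11, 0, 0, 0, 0, 0, 0, 0, 100};
static const uint8_t sample_trunc[] = {1, 0, 11, 0, 0, 0, 0, 0, 0, 0, 100, 2};

int main(void)
{
    printf("ok=%d trunc=%d\n", aigp_attr_valid(sample_ok, sizeof(sample_ok)),
           aigp_attr_valid(sample_trunc, sizeof(sample_trunc)));
    return 0;
}
```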