summaryrefslogtreecommitdiff
path: root/zebra/rt_netlink.c
diff options
context:
space:
mode:
authorDonatas Abraitis <donatas@opensourcerouting.org>2022-07-17 22:31:48 +0300
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2022-07-18 16:41:29 +0000
commite55f89c770ea74840e2b4617779dafed6065fc1c (patch)
tree8c9afc85557e8df259795a381e2976470823c165 /zebra/rt_netlink.c
parent57745ad4c86d0dc7537740ab1a94b01d6525b565 (diff)
zebra: Avoid buffer overflow using netlink_parse_rtattr_nested()
memset(tb, 0, sizeof(struct rtattr *) * (max + 1)); in netlink_parse_rtattr() seems a good candidate to buffer overflow. Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> (cherry picked from commit ce39ca16dd9ab7233e13171e08c35b2e1c196493)
Diffstat (limited to 'zebra/rt_netlink.c')
-rw-r--r--zebra/rt_netlink.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/zebra/rt_netlink.c b/zebra/rt_netlink.c
index 93b2d94671..1fa8ce3f64 100644
--- a/zebra/rt_netlink.c
+++ b/zebra/rt_netlink.c
@@ -420,10 +420,10 @@ static enum seg6local_action_t
parse_encap_seg6local(struct rtattr *tb,
struct seg6local_context *ctx)
{
- struct rtattr *tb_encap[256] = {};
+ struct rtattr *tb_encap[SEG6_LOCAL_MAX + 1] = {};
enum seg6local_action_t act = ZEBRA_SEG6_LOCAL_ACTION_UNSPEC;
- netlink_parse_rtattr_nested(tb_encap, 256, tb);
+ netlink_parse_rtattr_nested(tb_encap, SEG6_LOCAL_MAX, tb);
if (tb_encap[SEG6_LOCAL_ACTION])
act = *(uint32_t *)RTA_DATA(tb_encap[SEG6_LOCAL_ACTION]);
@@ -448,11 +448,11 @@ parse_encap_seg6local(struct rtattr *tb,
static int parse_encap_seg6(struct rtattr *tb, struct in6_addr *segs)
{
- struct rtattr *tb_encap[256] = {};
+ struct rtattr *tb_encap[SEG6_IPTUNNEL_MAX + 1] = {};
struct seg6_iptunnel_encap *ipt = NULL;
struct in6_addr *segments = NULL;
- netlink_parse_rtattr_nested(tb_encap, 256, tb);
+ netlink_parse_rtattr_nested(tb_encap, SEG6_IPTUNNEL_MAX, tb);
/*
* TODO: It's not support multiple SID list.