summaryrefslogtreecommitdiff
path: root/zebra/rt_netlink.c
diff options
context:
space:
mode:
Diffstat (limited to 'zebra/rt_netlink.c')
-rw-r--r--zebra/rt_netlink.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/zebra/rt_netlink.c b/zebra/rt_netlink.c
index 485abc3f12..8393ba6f24 100644
--- a/zebra/rt_netlink.c
+++ b/zebra/rt_netlink.c
@@ -384,17 +384,36 @@ static int netlink_route_change_read_unicast(struct nlmsghdr *h, ns_id_t ns_id,
if (rtm->rtm_family == AF_INET) {
p.family = AF_INET;
+ if (rtm->rtm_dst_len > IPV4_MAX_BITLEN) {
+ zlog_warn(
+ "Invalid destination prefix length: %d received from kernel route change",
+ rtm->rtm_dst_len);
+ return 0;
+ }
memcpy(&p.u.prefix4, dest, 4);
p.prefixlen = rtm->rtm_dst_len;
src_p.prefixlen =
0; // Forces debug below to not display anything
+
} else if (rtm->rtm_family == AF_INET6) {
p.family = AF_INET6;
+ if (rtm->rtm_dst_len > IPV6_MAX_BITLEN) {
+ zlog_warn(
+ "Invalid destination prefix length: %d received from kernel route change",
+ rtm->rtm_dst_len);
+ return 0;
+ }
memcpy(&p.u.prefix6, dest, 16);
p.prefixlen = rtm->rtm_dst_len;
src_p.family = AF_INET6;
+ if (rtm->rtm_src_len > IPV6_MAX_BITLEN) {
+ zlog_warn(
+ "Invalid source prefix length: %d received from kernel route change",
+ rtm->rtm_src_len);
+ return 0;
+ }
memcpy(&src_p.prefix, src, 16);
src_p.prefixlen = rtm->rtm_src_len;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-16 20:15:43 +0000