matthieu/frr
1
0
Fork 0
forked from Mirror/frr
Code Pull requests Activity

bgpd: Make sure we have enough data to read restart time and flags for GR cap

Browse source 
Just a safety check to avoid out of bound reading.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
This commit is contained in:
Donatas Abraitis 2023-08-30 17:29:11 +03:00
parent 23fa9b4107
commit 7d5873cdc4
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bgpd/bgp_packet.c
View file

@ -2817,8 +2817,15 @@ static void bgp_dynamic_capability_graceful_restart(uint8_t *pnt, int action,
uint16_t gr_restart_flag_time;
uint8_t *data = pnt + 3;
uint8_t *end = pnt + hdr->length;
size_t len = end - data;
if (action == CAPABILITY_ACTION_SET) {
if (len < sizeof(gr_restart_flag_time)) {
zlog_err("%pBP: Received invalid Graceful-Restart capability length %d",
peer, hdr->length);
return;
}
SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
ptr_get_be16(data, &gr_restart_flag_time);
data += sizeof(gr_restart_flag_time);