From 7d5873cdc46b51196f12181dae6069a15fb87d67 Mon Sep 17 00:00:00 2001
From: Donatas Abraitis
Date: Wed, 30 Aug 2023 17:29:11 +0300
Subject: [PATCH] bgpd: Make sure we have enough data to read restart time and flags for GR cap

Just a safety check to avoid out of bound reading.

Signed-off-by: Donatas Abraitis
---
 bgpd/bgp_packet.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index 97a68626e4..f59fd0a615 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -2817,8 +2817,15 @@ static void bgp_dynamic_capability_graceful_restart(uint8_t *pnt, int action,
 uint16_t gr_restart_flag_time;
 uint8_t *data = pnt + 3;
 uint8_t *end = pnt + hdr->length;
+ size_t len = end - data;

 if (action == CAPABILITY_ACTION_SET) {
+ if (len < sizeof(gr_restart_flag_time)) {
+ zlog_err("%pBP: Received invalid Graceful-Restart capability length %d",
+ peer, hdr->length);
+ return;
+ }
+
 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
 ptr_get_be16(data, &gr_restart_flag_time);
 data += sizeof(gr_restart_flag_time);
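Review bot: The new length guard does not fire when `hdr->length` is smaller than 3, because `data` is `pnt + 3` while `end` is `pnt + hdr->length`, so `end - data` is negative and wraps to a very large value once it is stored in the `size_t len`. In that case `len < sizeof(gr_restart_flag_time)` is false and `ptr_get_be16(data, &gr_restart_flag_time)` still reads two bytes beyond `end`. Comparing the pointers before subtracting closes the gap: `if (end < data || (size_t)(end - data) < sizeof(gr_restart_flag_time)) {`. Whether `hdr->length` has already been validated against the size of the received message is not visible here, since the function starts and continues outside the hunk.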