BGP: Fix bugs in handling of shutdown messages
There is an improper check for valid message size, which may lead to stack overflow and buffer leaks to log when a large message is received. Thanks to Daniel McCarney for bugreport and analysis.
This commit is contained in:
parent
56d8b1e7f6
commit
8388f5a7e1
1 changed files with 2 additions and 2 deletions
|
@ -2959,7 +2959,7 @@ bgp_handle_message(struct bgp_proto *p, byte *data, uint len, byte **bp)
|
|||
return 1;
|
||||
|
||||
/* Handle proper message */
|
||||
if ((msg_len > 255) && (msg_len + 1 > len))
|
||||
if (msg_len + 1 > len)
|
||||
return 0;
|
||||
|
||||
/* Some elementary cleanup */
|
||||
|
@ -2975,7 +2975,7 @@ bgp_handle_message(struct bgp_proto *p, byte *data, uint len, byte **bp)
|
|||
void
|
||||
bgp_log_error(struct bgp_proto *p, u8 class, char *msg, uint code, uint subcode, byte *data, uint len)
|
||||
{
|
||||
byte argbuf[256], *t = argbuf;
|
||||
byte argbuf[256+16], *t = argbuf;
|
||||
uint i;
|
||||
|
||||
/* Don't report Cease messages generated by myself */
|
||||
|
|
Loading…
Reference in a new issue