Jerry/bird
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

BGP: Fix bugs in handling of shutdown messages

Browse source 
There is an improper check for valid message size, which may lead to
stack overflow and buffer leaks to log when a large message is received.

Thanks to Daniel McCarney for bugreport and analysis.
This commit is contained in:
Ondrej Zajicek (work) 2019-09-09 03:13:35 +02:00
parent 56d8b1e7f6
commit 8388f5a7e1
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
proto/bgp/packets.c
View file

@ -2959,7 +2959,7 @@ bgp_handle_message(struct bgp_proto *p, byte *data, uint len, byte **bp)
return 1; return 1;
/* Handle proper message */ /* Handle proper message */
if ((msg_len > 255) && (msg_len + 1 > len)) if (msg_len + 1 > len)
return 0; return 0;
/* Some elementary cleanup */ /* Some elementary cleanup */
@ -2975,7 +2975,7 @@ bgp_handle_message(struct bgp_proto *p, byte *data, uint len, byte **bp)
void void
bgp_log_error(struct bgp_proto *p, u8 class, char *msg, uint code, uint subcode, byte *data, uint len) bgp_log_error(struct bgp_proto *p, u8 class, char *msg, uint code, uint subcode, byte *data, uint len)
{ {
byte argbuf[256], *t = argbuf; byte argbuf[256+16], *t = argbuf;
uint i; uint i;
/* Don't report Cease messages generated by myself */ /* Don't report Cease messages generated by myself */